From d0e5bab903cb9b0f79bf8f9448cb4224e68585b9 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Tue, 5 Dec 2023 15:01:07 +0000
Subject: [PATCH] Auto-Update: 2023-12-05T15:01:03.233992+00:00
---
CVE-2022/CVE-2022-244xx/CVE-2022-24403.json | 55 +++++++++
CVE-2022/CVE-2022-464xx/CVE-2022-46480.json | 8 +-
CVE-2022/CVE-2022-475xx/CVE-2022-47531.json | 8 +-
CVE-2023/CVE-2023-211xx/CVE-2023-21162.json | 8 +-
CVE-2023/CVE-2023-211xx/CVE-2023-21163.json | 8 +-
CVE-2023/CVE-2023-211xx/CVE-2023-21164.json | 8 +-
CVE-2023/CVE-2023-211xx/CVE-2023-21166.json | 8 +-
CVE-2023/CVE-2023-212xx/CVE-2023-21215.json | 8 +-
CVE-2023/CVE-2023-212xx/CVE-2023-21216.json | 8 +-
CVE-2023/CVE-2023-212xx/CVE-2023-21217.json | 8 +-
CVE-2023/CVE-2023-212xx/CVE-2023-21218.json | 8 +-
CVE-2023/CVE-2023-212xx/CVE-2023-21227.json | 8 +-
CVE-2023/CVE-2023-212xx/CVE-2023-21228.json | 8 +-
CVE-2023/CVE-2023-212xx/CVE-2023-21263.json | 8 +-
CVE-2023/CVE-2023-214xx/CVE-2023-21401.json | 8 +-
CVE-2023/CVE-2023-214xx/CVE-2023-21402.json | 8 +-
CVE-2023/CVE-2023-214xx/CVE-2023-21403.json | 8 +-
CVE-2023/CVE-2023-216xx/CVE-2023-21634.json | 8 +-
CVE-2023/CVE-2023-223xx/CVE-2023-22383.json | 8 +-
CVE-2023/CVE-2023-226xx/CVE-2023-22668.json | 8 +-
CVE-2023/CVE-2023-240xx/CVE-2023-24046.json | 8 +-
CVE-2023/CVE-2023-240xx/CVE-2023-24047.json | 8 +-
CVE-2023/CVE-2023-240xx/CVE-2023-24048.json | 8 +-
CVE-2023/CVE-2023-240xx/CVE-2023-24049.json | 8 +-
CVE-2023/CVE-2023-240xx/CVE-2023-24050.json | 8 +-
CVE-2023/CVE-2023-240xx/CVE-2023-24051.json | 8 +-
CVE-2023/CVE-2023-240xx/CVE-2023-24052.json | 8 +-
CVE-2023/CVE-2023-269xx/CVE-2023-26941.json | 8 +-
CVE-2023/CVE-2023-269xx/CVE-2023-26942.json | 8 +-
CVE-2023/CVE-2023-269xx/CVE-2023-26943.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28546.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28550.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28551.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28579.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28580.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28585.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28586.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28587.json | 8 +-
CVE-2023/CVE-2023-285xx/CVE-2023-28588.json | 8 +-
CVE-2023/CVE-2023-290xx/CVE-2023-29060.json | 18 +--
CVE-2023/CVE-2023-290xx/CVE-2023-29061.json | 18 +--
CVE-2023/CVE-2023-290xx/CVE-2023-29062.json | 18 +--
CVE-2023/CVE-2023-290xx/CVE-2023-29063.json | 18 +--
CVE-2023/CVE-2023-290xx/CVE-2023-29064.json | 105 ++++++++++++++++-
CVE-2023/CVE-2023-290xx/CVE-2023-29065.json | 105 ++++++++++++++++-
CVE-2023/CVE-2023-330xx/CVE-2023-33017.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33018.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33022.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33024.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33041.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33042.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33043.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33044.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33053.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33054.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33063.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33070.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33071.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33079.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33080.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33081.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33082.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33083.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33087.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33088.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33089.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33092.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33097.json | 8 +-
CVE-2023/CVE-2023-330xx/CVE-2023-33098.json | 8 +-
CVE-2023/CVE-2023-331xx/CVE-2023-33106.json | 8 +-
CVE-2023/CVE-2023-331xx/CVE-2023-33107.json | 8 +-
CVE-2023/CVE-2023-356xx/CVE-2023-35668.json | 8 +-
CVE-2023/CVE-2023-356xx/CVE-2023-35690.json | 8 +-
CVE-2023/CVE-2023-375xx/CVE-2023-37572.json | 8 +-
CVE-2023/CVE-2023-392xx/CVE-2023-39248.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40073.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40074.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40075.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40076.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40077.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40078.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40079.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40080.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40081.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40082.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40083.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40084.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40087.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40088.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40089.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40090.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40091.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40092.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40094.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40095.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40096.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40097.json | 8 +-
CVE-2023/CVE-2023-400xx/CVE-2023-40098.json | 8 +-
CVE-2023/CVE-2023-401xx/CVE-2023-40103.json | 8 +-
CVE-2023/CVE-2023-404xx/CVE-2023-40459.json | 8 +-
CVE-2023/CVE-2023-404xx/CVE-2023-40460.json | 8 +-
CVE-2023/CVE-2023-404xx/CVE-2023-40461.json | 8 +-
CVE-2023/CVE-2023-404xx/CVE-2023-40462.json | 8 +-
CVE-2023/CVE-2023-404xx/CVE-2023-40463.json | 8 +-
CVE-2023/CVE-2023-404xx/CVE-2023-40464.json | 8 +-
CVE-2023/CVE-2023-404xx/CVE-2023-40465.json | 8 +-
CVE-2023/CVE-2023-418xx/CVE-2023-41835.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42556.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42557.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42558.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42559.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42560.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42561.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42562.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42563.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42564.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42565.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42566.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42567.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42568.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42569.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42570.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42571.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42572.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42573.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42574.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42575.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42576.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42577.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42578.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42579.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42580.json | 8 +-
CVE-2023/CVE-2023-425xx/CVE-2023-42581.json | 8 +-
CVE-2023/CVE-2023-434xx/CVE-2023-43472.json | 8 +-
CVE-2023/CVE-2023-436xx/CVE-2023-43608.json | 8 +-
CVE-2023/CVE-2023-436xx/CVE-2023-43628.json | 8 +-
CVE-2023/CVE-2023-442xx/CVE-2023-44288.json | 8 +-
CVE-2023/CVE-2023-442xx/CVE-2023-44295.json | 8 +-
CVE-2023/CVE-2023-44xx/CVE-2023-4460.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45773.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45774.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45775.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45776.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45777.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45779.json | 8 +-
CVE-2023/CVE-2023-457xx/CVE-2023-45781.json | 8 +-
CVE-2023/CVE-2023-458xx/CVE-2023-45838.json | 8 +-
CVE-2023/CVE-2023-458xx/CVE-2023-45839.json | 8 +-
CVE-2023/CVE-2023-458xx/CVE-2023-45840.json | 8 +-
CVE-2023/CVE-2023-458xx/CVE-2023-45841.json | 8 +-
CVE-2023/CVE-2023-458xx/CVE-2023-45842.json | 8 +-
CVE-2023/CVE-2023-468xx/CVE-2023-46887.json | 65 ++++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47106.json | 8 +-
CVE-2023/CVE-2023-471xx/CVE-2023-47124.json | 8 +-
CVE-2023/CVE-2023-473xx/CVE-2023-47304.json | 8 +-
CVE-2023/CVE-2023-474xx/CVE-2023-47462.json | 76 +++++++++++-
CVE-2023/CVE-2023-476xx/CVE-2023-47633.json | 8 +-
CVE-2023/CVE-2023-483xx/CVE-2023-48315.json | 8 +-
CVE-2023/CVE-2023-483xx/CVE-2023-48316.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48691.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48692.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48693.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48694.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48695.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48696.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48697.json | 8 +-
CVE-2023/CVE-2023-486xx/CVE-2023-48698.json | 8 +-
CVE-2023/CVE-2023-490xx/CVE-2023-49070.json | 8 +-
CVE-2023/CVE-2023-490xx/CVE-2023-49080.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49280.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49284.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49285.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49286.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49288.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49289.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49290.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49291.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49292.json | 8 +-
CVE-2023/CVE-2023-492xx/CVE-2023-49293.json | 8 +-
CVE-2023/CVE-2023-496xx/CVE-2023-49654.json | 73 +++++++++++-
CVE-2023/CVE-2023-496xx/CVE-2023-49655.json | 74 +++++++++++-
CVE-2023/CVE-2023-496xx/CVE-2023-49656.json | 74 +++++++++++-
CVE-2023/CVE-2023-496xx/CVE-2023-49673.json | 121 +++++++++++++++++++-
CVE-2023/CVE-2023-496xx/CVE-2023-49674.json | 73 +++++++++++-
CVE-2023/CVE-2023-51xx/CVE-2023-5105.json | 8 +-
CVE-2023/CVE-2023-51xx/CVE-2023-5108.json | 8 +-
CVE-2023/CVE-2023-51xx/CVE-2023-5137.json | 8 +-
CVE-2023/CVE-2023-51xx/CVE-2023-5141.json | 8 +-
CVE-2023/CVE-2023-51xx/CVE-2023-5178.json | 4 +-
CVE-2023/CVE-2023-51xx/CVE-2023-5188.json | 8 +-
CVE-2023/CVE-2023-52xx/CVE-2023-5210.json | 8 +-
CVE-2023/CVE-2023-57xx/CVE-2023-5762.json | 8 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5808.json | 8 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5809.json | 8 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5874.json | 8 +-
CVE-2023/CVE-2023-58xx/CVE-2023-5884.json | 8 +-
CVE-2023/CVE-2023-59xx/CVE-2023-5944.json | 8 +-
CVE-2023/CVE-2023-59xx/CVE-2023-5951.json | 8 +-
CVE-2023/CVE-2023-59xx/CVE-2023-5952.json | 8 +-
CVE-2023/CVE-2023-59xx/CVE-2023-5953.json | 8 +-
CVE-2023/CVE-2023-59xx/CVE-2023-5979.json | 8 +-
CVE-2023/CVE-2023-59xx/CVE-2023-5990.json | 8 +-
CVE-2023/CVE-2023-60xx/CVE-2023-6063.json | 8 +-
CVE-2023/CVE-2023-62xx/CVE-2023-6269.json | 8 +-
README.md | 47 +++++---
205 files changed, 1985 insertions(+), 471 deletions(-)
create mode 100644 CVE-2022/CVE-2022-244xx/CVE-2022-24403.json
diff --git a/CVE-2022/CVE-2022-244xx/CVE-2022-24403.json b/CVE-2022/CVE-2022-244xx/CVE-2022-24403.json
new file mode 100644
index 00000000000..04b1eb98bfa
--- /dev/null
+++ b/CVE-2022/CVE-2022-244xx/CVE-2022-24403.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-24403", + "sourceIdentifier": "cert@ncsc.nl", + "published": "2023-12-05T14:15:07.510", + "lastModified": "2023-12-05T14:15:07.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cert@ncsc.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cert@ncsc.nl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "references": [ + { + "url": "https://tetraburst.com/", + "source": "cert@ncsc.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json b/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json index 1ea9f03047f..f9798aec04d 100644 --- a/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json +++ b/CVE-2022/CVE-2022-464xx/CVE-2022-46480.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-46480", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:07.460", - "lastModified": "2023-12-05T00:15:07.460", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range." + }, + { + "lang": "es", + "value": "La gesti\u00f3n de sesi\u00f3n incorrecta y la reutilizaci\u00f3n de credenciales en la pila Bluetooth LE del firmware de bloqueo inteligente Ultraloq UL3 de segunda generaci\u00f3n 02.27.0012 permiten a un atacante detectar el c\u00f3digo de desbloqueo y desbloquear el dispositivo mientras se encuentra dentro del alcance de Bluetooth." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47531.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47531.json index 581f08bb934..80c04d900d5 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47531.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47531.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-47531", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T06:15:48.367", - "lastModified": "2023-12-05T06:15:48.367", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en las versiones 3.x anteriores a 3.25 y 2.x anteriores a 2.16 de Ericsson Evolved Packet Gateway (EPG), que permite a los usuarios autenticados omitir la Interfaz de L\u00ednea de Comandos (CLI) del sistema y ejecutar comandos que est\u00e1n autorizados a ejecutar directamente en el shell de UNIX." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21162.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21162.json index 0361be0c51e..81a1fc90f46 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21162.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21162.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21162", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.217", - "lastModified": "2023-12-05T00:15:07.520", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21163.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21163.json index 68064185ffa..95dfffcb981 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21163.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21163.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-21163", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.377", - "lastModified": "2023-12-05T00:15:07.567", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21164.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21164.json index 51e060c4177..bb4679b065c 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21164.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21164.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21164", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.430", - "lastModified": "2023-12-05T00:15:07.607", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-211xx/CVE-2023-21166.json b/CVE-2023/CVE-2023-211xx/CVE-2023-21166.json index 890a7a7112e..9cf046764d7 100644 --- a/CVE-2023/CVE-2023-211xx/CVE-2023-21166.json +++ b/CVE-2023/CVE-2023-211xx/CVE-2023-21166.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21166", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.477", - "lastModified": "2023-12-05T00:15:07.650", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21215.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21215.json index 8cdaa5fd60e..a936598460f 100644 
--- a/CVE-2023/CVE-2023-212xx/CVE-2023-21215.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21215.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21215", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.523", - "lastModified": "2023-12-05T00:15:07.690", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21216.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21216.json index dff7a851da4..5400d3ce21f 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21216.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21216.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21216", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.570", - "lastModified": "2023-12-05T00:15:07.730", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21217.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21217.json index e0ed2767cbe..4cb221adaa3 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21217.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21217.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21217", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.617", - "lastModified": "2023-12-05T00:15:07.770", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21218.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21218.json index 8dfae913d4f..f45fb5aa82f 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21218.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21218.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21218", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.667", - "lastModified": "2023-12-05T00:15:07.810", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21227.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21227.json index 36fea23a53e..31d0ba5173e 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21227.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21227.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21227", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.720", - "lastModified": "2023-12-05T00:15:07.857", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is information disclosure." + }, + { + "lang": "es", + "value": "Hay divulgaci\u00f3n de informaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21228.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21228.json index 422f1e0bb8b..5ad208a4316 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21228.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21228.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-21228", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.767", - "lastModified": "2023-12-05T00:15:07.900", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21263.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21263.json index 71160ddbb13..1a1494d3c46 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21263.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21263.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21263", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.813", - "lastModified": "2023-12-05T00:15:07.940", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21401.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21401.json index fb20d1b3dca..584481a108c 100644 --- a/CVE-2023/CVE-2023-214xx/CVE-2023-21401.json +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21401.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21401", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:22.970", - "lastModified": "2023-12-05T00:15:07.983", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21402.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21402.json index 13c704712cf..4adba86acda 100644 
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21402.json +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21402.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21402", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.027", - "lastModified": "2023-12-05T00:15:08.020", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21403.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21403.json index 1c55c900853..d4d69e1c249 100644 --- a/CVE-2023/CVE-2023-214xx/CVE-2023-21403.json +++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21403.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21403", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.070", - "lastModified": "2023-12-05T00:15:08.063", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21634.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21634.json index 676eca6bfb4..0a4d92f5767 100644 --- a/CVE-2023/CVE-2023-216xx/CVE-2023-21634.json +++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21634.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-21634", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:08.120", - "lastModified": "2023-12-05T03:15:08.120", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en la capa de interfaz de radio al enviar un SMS o escribir un SMS en la SIM." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22383.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22383.json index 8e069b65378..a3004cf688a 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22383.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22383.json @@ -2,12 +2,16 @@ "id": "CVE-2023-22383", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:08.350", - "lastModified": "2023-12-05T03:15:08.350", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory Corruption in camera while installing a fd for a particular DMA buffer." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en la c\u00e1mara al instalar un fd para un b\u00fafer DMA en particular." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22668.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22668.json index 4d9f2bb9517..7741a3797a9 100644 --- a/CVE-2023/CVE-2023-226xx/CVE-2023-22668.json +++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22668.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-22668", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:08.520", - "lastModified": "2023-12-05T03:15:08.520", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory Corruption in Audio while invoking IOCTLs calls from the user-space." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el audio al invocar llamadas IOCTL desde el espacio de usuario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24046.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24046.json index 663bd718c69..32b3c34d1b6 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24046.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24046.json @@ -2,12 +2,16 @@ "id": "CVE-2023-24046", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.123", - "lastModified": "2023-12-04T23:15:23.123", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Connectize AC21000 G6 641.139.1.1256 que permite a los atacantes ejecutar comandos arbitrarios mediante el uso de una cadena manipulada en la utilidad ping." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24047.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24047.json index 1cceb8501d1..c7f961bb29b 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24047.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24047.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-24047", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.173", - "lastModified": "2023-12-04T23:15:23.173", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm." + }, + { + "lang": "es", + "value": "Un problema de administraci\u00f3n de credenciales inseguras descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener privilegios aumentados mediante el uso de un algoritmo de hash d\u00e9bil." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json index 1f54377a698..98997e93aab 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24048.json @@ -2,12 +2,16 @@ "id": "CVE-2023-24048", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.220", - "lastModified": "2023-12-04T23:15:23.220", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo mediante una solicitud GET manipulada a /man_password.htm." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24049.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24049.json index e729a5b6d6d..46eccba66c5 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24049.json 
+++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24049.json @@ -2,12 +2,16 @@ "id": "CVE-2023-24049", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.263", - "lastModified": "2023-12-04T23:15:23.263", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Connectize AC21000 G6 641.139.1.1256 que permite a los atacantes obtener privilegios elevados en el dispositivo a trav\u00e9s de una mala gesti\u00f3n de credenciales." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24050.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24050.json index e96cb70dcca..7ed180969b9 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24050.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24050.json @@ -2,12 +2,16 @@ "id": "CVE-2023-24050", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.320", - "lastModified": "2023-12-04T23:15:23.320", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Connectize AC21000 G6 641.139.1.1256 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena manipulada al configurar la contrase\u00f1a de Wi-Fi en el panel de administraci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24051.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24051.json index 6a531ba44be..30efdbdb9bd 100644 
--- a/CVE-2023/CVE-2023-240xx/CVE-2023-24051.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24051.json @@ -2,12 +2,16 @@ "id": "CVE-2023-24051", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.367", - "lastModified": "2023-12-04T23:15:23.367", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks." + }, + { + "lang": "es", + "value": "Un problema de l\u00edmite de velocidad del lado del cliente descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener privilegios aumentados mediante ataques de fuerza bruta." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json b/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json index a08d550077c..3d4b0aa276c 100644 --- a/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json +++ b/CVE-2023/CVE-2023-240xx/CVE-2023-24052.json @@ -2,12 +2,16 @@ "id": "CVE-2023-24052", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-04T23:15:23.410", - "lastModified": "2023-12-04T23:15:23.410", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password." + }, + { + "lang": "es", + "value": "Un problema descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo a trav\u00e9s de la funci\u00f3n de cambio de contrase\u00f1a, ya que no solicita la contrase\u00f1a actual." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json index 2902c5b8485..33884e8b814 100644 --- a/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26941.json @@ -2,12 +2,16 @@ "id": "CVE-2023-26941", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:08.110", - "lastModified": "2023-12-05T00:15:08.110", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original." + }, + { + "lang": "es", + "value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Conexis L1 v1.1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json index 824fe77184f..e66d40bc725 100644 --- a/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26942.json @@ -2,12 +2,16 @@ "id": "CVE-2023-26942", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:08.163", - "lastModified": "2023-12-05T00:15:08.163", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original." + }, + { + "lang": "es", + "value": "Mecanismos de cifrado d\u00e9biles en etiquetas RFID en Yale IA-210 Alarm v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica al original." } ], "metrics": {}, 
diff --git a/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json b/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json index 33cd83ff9fe..7d557ea490c 100644 --- a/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json +++ b/CVE-2023/CVE-2023-269xx/CVE-2023-26943.json @@ -2,12 +2,16 @@ "id": "CVE-2023-26943", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T00:15:08.227", - "lastModified": "2023-12-05T00:15:08.227", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original." + }, + { + "lang": "es", + "value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Keyless Lock v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28546.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28546.json index 7fc04979d3e..bbd745d1c22 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28546.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28546.json @@ -2,12 +2,16 @@ "id": "CVE-2023-28546", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:08.690", - "lastModified": "2023-12-05T03:15:08.690", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory Corruption in SPS Application while exporting public key in sorter TA." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en la aplicaci\u00f3n SPS al exportar la clave p\u00fablica en el clasificador TA." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28550.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28550.json index 930abb35fb8..e2d198820c6 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28550.json 
+++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28550.json @@ -2,12 +2,16 @@ "id": "CVE-2023-28550", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:08.870", - "lastModified": "2023-12-05T03:15:08.870", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in MPP performance while accessing DSM watermark using external memory address." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el rendimiento de MPP al acceder a la marca de agua DSM mediante una direcci\u00f3n de memoria externa." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28551.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28551.json index 228277f917b..9847ff2d550 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28551.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28551.json @@ -2,12 +2,16 @@ "id": "CVE-2023-28551", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:09.053", - "lastModified": "2023-12-05T03:15:09.053", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en UTILS cuando el m\u00f3dem procesa comandos Diag espec\u00edficos de la memoria que tienen valores de direcci\u00f3n arbitrarios como argumentos de entrada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28579.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28579.json index 0867bca50c6..3e672326339 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28579.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28579.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-28579", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:09.233", - "lastModified": "2023-12-05T03:15:09.233", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el host WLAN al deserializar los bytes PMK de entrada sin verificar la longitud del PMK de entrada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28580.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28580.json index f29fd99942f..e499d4f7add 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28580.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28580.json @@ -2,12 +2,16 @@ "id": "CVE-2023-28580", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:09.390", - "lastModified": "2023-12-05T03:15:09.390", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el host WLAN al configurar la longitud de PMK en la longitud de PMK en la memoria cach\u00e9 interna." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28585.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28585.json index b88636a52c8..996aabe8e4e 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28585.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28585.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-28585", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:09.563", - "lastModified": "2023-12-05T03:15:09.563", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption while loading an ELF segment in TEE Kernel." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria al cargar un segmento ELF en TEE Kernel." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28586.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28586.json index ddb5557939e..3b02f13dc54 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28586.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28586.json @@ -2,12 +2,16 @@ "id": "CVE-2023-28586", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:09.750", - "lastModified": "2023-12-05T03:15:09.750", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n de informaci\u00f3n cuando se accede a las direcciones de s\u00edmbolos de metadatos de la aplicaci\u00f3n confiable mientras se carga un ELF en TEE." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28587.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28587.json index b8beb454936..b4457951fea 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28587.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28587.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-28587", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:09.927", - "lastModified": "2023-12-05T03:15:09.927", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el controlador BT al analizar comandos de depuraci\u00f3n con subc\u00f3digos de operaci\u00f3n espec\u00edficos en el nivel de la interfaz HCI." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28588.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28588.json index 335f95efea7..ff7ec209112 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28588.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28588.json @@ -2,12 +2,16 @@ "id": "CVE-2023-28588", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:10.103", - "lastModified": "2023-12-05T03:15:10.103", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS in Bluetooth Host while rfc slot allocation." + }, + { + "lang": "es", + "value": "DOS transitorio en el host Bluetooth mientras se asigna la ranura RFC." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json index 72e6104dcfb..8aa71ef5036 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29060.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29060", "sourceIdentifier": "cybersecurity@bd.com", "published": "2023-11-28T20:15:07.230", - "lastModified": "2023-12-04T19:20:46.467", + "lastModified": "2023-12-05T14:44:26.333", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -90,13 +90,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*", - "matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6" + "criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*", - "matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322" + "criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E" } ] }, @@ -122,13 +122,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8" + "criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C" + "criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63" } ] }, diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29061.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29061.json index 8d2a4cd89e1..e719a5c67a9 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29061.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29061.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29061", "sourceIdentifier": "cybersecurity@bd.com", "published": "2023-11-28T21:15:07.257", - "lastModified": "2023-12-04T19:52:25.550", + "lastModified": "2023-12-05T14:45:46.417", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -90,13 +90,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*", - "matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6" + "criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*", - "matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322" + "criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E" } ] }, @@ -122,13 +122,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8" + "criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C" + "criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63" } ] }, diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29062.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29062.json index 47d097e91c9..c40620e4cb7 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29062.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29062.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29062", "sourceIdentifier": "cybersecurity@bd.com", "published": "2023-11-28T21:15:07.440", - "lastModified": "2023-12-04T19:55:58.290", + "lastModified": "2023-12-05T14:44:47.873", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -90,13 +90,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*", - "matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6" + "criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*", - "matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322" + "criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E" } ] }, @@ -122,13 +122,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8" + "criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C" + "criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63" } ] }, diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29063.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29063.json index 99f137eb2e2..5d78bf0c5ab 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29063.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29063.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29063", "sourceIdentifier": "cybersecurity@bd.com", "published": "2023-11-28T21:15:07.613", - "lastModified": "2023-12-04T19:57:56.117", + "lastModified": "2023-12-05T14:45:30.123", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -90,13 +90,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*", - "matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6" + "criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*", - "matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322" + "criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E" } ] }, @@ -122,13 +122,13 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8" + "criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C" + "criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63" } ] }, diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29064.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29064.json index 3a728bc03a9..77f25b46f47 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29064.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29064.json @@ -2,8 +2,8 @@ "id": "CVE-2023-29064", "sourceIdentifier": "cybersecurity@bd.com", "published": "2023-11-28T21:15:07.800", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T14:54:35.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 + }, { "source": "cybersecurity@bd.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + }, { "source": "cybersecurity@bd.com", "type": "Secondary", 
@@ -50,10 +80,79 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software", - "source": "cybersecurity@bd.com" + "source": "cybersecurity@bd.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29065.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29065.json index 33007d2569f..dc8c0a5e514 100644 --- a/CVE-2023/CVE-2023-290xx/CVE-2023-29065.json +++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29065.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-29065", "sourceIdentifier": "cybersecurity@bd.com", "published": "2023-11-28T21:15:07.990", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T14:59:07.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 + }, { "source": "cybersecurity@bd.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "cybersecurity@bd.com", "type": "Secondary", 
@@ -50,10 +80,79 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*", + "matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software", - "source": "cybersecurity@bd.com" + "source": "cybersecurity@bd.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33017.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33017.json index 6bed85ac049..9f7ac62a5ce 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33017.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33017.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33017", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:10.290", - "lastModified": "2023-12-05T03:15:10.290", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in Boot while running a ListVars test in UEFI Menu during boot." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el arranque mientras se ejecuta una prueba ListVars en el men\u00fa UEFI durante el arranque." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33018.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33018.json index a9bd8a478c7..a2b14916c50 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33018.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33018.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33018", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:10.480", - "lastModified": "2023-12-05T03:15:10.480", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption while using the UIM diag command to get the operators name." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria al utilizar el comando diag de User Identity Module (UIM) para obtener el nombre del operador." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33022.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33022.json index 48d3ae88013..209755b6f5f 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33022.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33022.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33022", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:10.660", - "lastModified": "2023-12-05T03:15:10.660", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in HLOS while invoking IOCTL calls from user-space." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en HLOS al invocar llamadas IOCTL desde el espacio de usuario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33024.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33024.json index e8a0d548e98..783acaf9c8a 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33024.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33024.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33024", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:10.833", - "lastModified": "2023-12-05T03:15:10.833", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption while sending SMS from AP firmware." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria al enviar SMS desde el firmware AP." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33041.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33041.json index 7fcd1311bfb..6879397829b 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33041.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33041.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33041", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:11.013", - "lastModified": "2023-12-05T03:15:11.013", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids." + }, + { + "lang": "es", + "value": "En ciertos escenarios, el firmware de WLAN alcanzar\u00e1 una afirmaci\u00f3n debido a una confusi\u00f3n de estado al buscar ID de pares." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33042.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33042.json index ae6fed3d188..5fddc1b0814 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33042.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33042.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33042", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:11.187", - "lastModified": "2023-12-05T03:15:11.187", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS in Modem after RRC Setup message is received." + }, + { + "lang": "es", + "value": "DOS transitorio en el m\u00f3dem despu\u00e9s de recibir el mensaje de configuraci\u00f3n de RRC." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33043.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33043.json index ae85e46fb2c..f4264d2e8df 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33043.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33043.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33043", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:11.360", - "lastModified": "2023-12-05T03:15:11.360", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS in Modem when a Beam switch request is made with a non-configured BWP." + }, + { + "lang": "es", + "value": "DOS transitorio en el m\u00f3dem cuando se realiza una solicitud de cambio de haz con un BWP no configurado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33044.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33044.json index 7d120a99fb4..a752dd8a31c 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33044.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33044.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33044", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:11.530", - "lastModified": "2023-12-05T03:15:11.530", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS in Data modem while handling TLB control messages from the Network." + }, + { + "lang": "es", + "value": "DOS transitorio en m\u00f3dem de datos mientras se manejan mensajes de control TLB de la Red." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33053.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33053.json index 72fe769081a..d5463494f07 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33053.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33053.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33053", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:11.707", - "lastModified": "2023-12-05T03:15:11.707", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in Kernel while parsing metadata." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el Kernel al analizar metadatos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33054.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33054.json index 3d4cf6eaa12..c6be8716e7c 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33054.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33054.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33054", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:11.880", - "lastModified": "2023-12-05T03:15:11.880", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data." + }, + { + "lang": "es", + "value": "Problema criptogr\u00e1fico en el controlador GPS HLOS al descargar datos de asistencia GNSS de Qualcomm." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33063.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33063.json index 495dfa7c785..1a51ac8ddc3 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33063.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33063.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33063", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:12.067", - "lastModified": "2023-12-05T03:15:12.067", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in DSP Services during a remote call from HLOS to DSP." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en los servicios DSP durante una llamada remota de HLOS a DSP." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33070.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33070.json index 35fc394705a..a8574b90171 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33070.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33070.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33070", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:12.253", - "lastModified": "2023-12-05T03:15:12.253", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS in Automotive OS due to improper authentication to the secure IO calls." + }, + { + "lang": "es", + "value": "DOS transitorio en sistemas operativos automotrices debido a una autenticaci\u00f3n incorrecta en las llamadas IO seguras." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33071.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33071.json index b96e6342c13..75c5358b9c3 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33071.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33071.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33071", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:12.433", - "lastModified": "2023-12-05T03:15:12.433", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el sistema operativo automotriz cada vez que aplicaciones que no son de confianza intentan acceder a HAb para funciones gr\u00e1ficas." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33079.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33079.json index c96ef38ec40..a5ebaae0a96 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33079.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33079.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33079", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:12.600", - "lastModified": "2023-12-05T03:15:12.600", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in Audio while running invalid audio recording from ADSP." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en audio mientras se ejecuta una grabaci\u00f3n de audio no v\u00e1lida desde ADSP." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33080.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33080.json index 031b5b2242a..3266010fda4 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33080.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33080.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33080", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:12.773", - "lastModified": "2023-12-05T03:15:12.773", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame." + }, + { + "lang": "es", + "value": "DOS transitorio mientras se analiza un IE (elemento de informaci\u00f3n) espec\u00edfico del fabricante del frame de gesti\u00f3n de respuesta de reasociaci\u00f3n." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33081.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33081.json index 3e209628b93..2000affa0e5 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33081.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33081.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33081", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:12.957", - "lastModified": "2023-12-05T03:15:12.957", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast." + }, + { + "lang": "es", + "value": "DOS transitorio al convertir par\u00e1metros de fotograma TWT (Target Wake Time) en la transmisi\u00f3n OTA." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33082.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33082.json index 8b6bdc372a1..cb10b673e31 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33082.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33082.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33082", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:13.137", - "lastModified": "2023-12-05T03:15:13.137", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria al enviar una solicitud de asociaci\u00f3n con una consulta BTM o una respuesta BTM que contiene MBO IE." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33083.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33083.json index 8a50e636ffd..c6b70ada6c4 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33083.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33083.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33083", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:13.327", - "lastModified": "2023-12-05T03:15:13.327", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in WLAN Host while processing RRM beacon on the AP." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en el host WLAN mientras se procesa beacon RRM en el AP." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33087.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33087.json index 9b74f0319f0..298c9363a15 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33087.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33087.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33087", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:13.520", - "lastModified": "2023-12-05T03:15:13.520", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in Core while processing RX intent request." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en Core mientras se procesa la solicitud de intenci\u00f3n RX." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33088.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33088.json index 8a2f6bbbcf5..1bced077d5c 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33088.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33088.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33088", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:13.703", - "lastModified": "2023-12-05T03:15:13.703", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption when processing cmd parameters while parsing vdev." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria al procesar par\u00e1metros cmd mientras se analiza vdev." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33089.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33089.json index 771468ee992..70e6ecd1a3a 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33089.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33089.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33089", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:13.893", - "lastModified": "2023-12-05T03:15:13.893", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS when processing a NULL buffer while parsing WLAN vdev." + }, + { + "lang": "es", + "value": "DOS transitorio al procesar un b\u00fafer NULL mientras se analiza WLAN vdev." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33092.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33092.json index 0fadf17253b..63f19eb8434 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33092.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33092.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33092", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:14.143", - "lastModified": "2023-12-05T03:15:14.143", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria al procesar la respuesta del PIN en Bluetooth, cuando el c\u00f3digo PIN recibido desde la capa de la APLICACI\u00d3N es mayor que el tama\u00f1o esperado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33097.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33097.json index df79cf45514..ac6b6cfb373 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33097.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33097.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33097", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:14.317", - "lastModified": "2023-12-05T03:15:14.317", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS in WLAN Firmware while processing a FTMR frame." + }, + { + "lang": "es", + "value": "DOS transitorio en el firmware WLAN mientras se procesa un frame FTMR." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-330xx/CVE-2023-33098.json b/CVE-2023/CVE-2023-330xx/CVE-2023-33098.json index 1e6d6f613b8..3cf267498ce 100644 --- a/CVE-2023/CVE-2023-330xx/CVE-2023-33098.json +++ b/CVE-2023/CVE-2023-330xx/CVE-2023-33098.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33098", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:14.493", - "lastModified": "2023-12-05T03:15:14.493", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Transient DOS while parsing WPA IES, when it is passed with length more than expected size." + }, + { + "lang": "es", + "value": "DOS transitorio al analizar WPA IES, cuando se pasa con una longitud mayor que el tama\u00f1o esperado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33106.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33106.json index c23e38feef4..28d149cca0d 100644 --- a/CVE-2023/CVE-2023-331xx/CVE-2023-33106.json +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33106.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-33106", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:14.673", - "lastModified": "2023-12-05T03:15:14.673", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria al enviar una lista grande de puntos de sincronizaci\u00f3n en un comando AUX al IOCTL_KGSL_GPU_AUX_COMMAND." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-331xx/CVE-2023-33107.json b/CVE-2023/CVE-2023-331xx/CVE-2023-33107.json index 7968ba6f298..a89f3d9c6fe 100644 --- a/CVE-2023/CVE-2023-331xx/CVE-2023-33107.json +++ b/CVE-2023/CVE-2023-331xx/CVE-2023-33107.json @@ -2,12 +2,16 @@ "id": "CVE-2023-33107", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-12-05T03:15:14.860", - "lastModified": "2023-12-05T03:15:14.860", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call." + }, + { + "lang": "es", + "value": "Corrupci\u00f3n de la memoria en Graphics Linux al asignar una regi\u00f3n de memoria virtual compartida durante la llamada IOCTL." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json index a55bf47f82d..d30060eb5a1 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35668.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-35668", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.460", - "lastModified": "2023-12-04T23:15:23.460", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En visitUris de Notification.java, existe una forma posible de mostrar im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35690.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35690.json index 2ce8cd0f023..0ef782d0ea7 100644 --- a/CVE-2023/CVE-2023-356xx/CVE-2023-35690.json +++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35690.json @@ -2,12 +2,16 @@ "id": "CVE-2023-35690", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.507", - "lastModified": "2023-12-05T00:15:08.280", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "There is elevation of privilege." + }, + { + "lang": "es", + "value": "Hay elevaci\u00f3n de privilegios." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json index e63d99dc599..81616920530 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-37572", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T06:15:48.617", - "lastModified": "2023-12-05T06:15:48.617", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service." + }, + { + "lang": "es", + "value": "Softing OPC Suite versi\u00f3n 5.25 y anteriores tiene un control de acceso incorrecto, lo que permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de permisos d\u00e9biles en el servicio OSF_discovery." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39248.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39248.json index 669fbdf4bcc..ca0a2247716 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39248.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39248.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-39248", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-05T06:15:48.667", - "lastModified": "2023-12-05T06:15:48.667", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated\u00a0user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.\n\n" + }, + { + "lang": "es", + "value": "Dell OS10 Networking Switches que ejecutan 10.5.2.x y versiones posteriores contienen una vulnerabilidad de consumo de recursos no controlado (denegaci\u00f3n de servicio) cuando los conmutadores est\u00e1n configurados con VLT y VRRP. Un usuario remoto no autenticado puede provocar que la red se inunde, lo que provocar\u00e1 una denegaci\u00f3n de servicio para los usuarios reales de la red. Esta es una vulnerabilidad de alta gravedad, ya que permite que un atacante provoque una interrupci\u00f3n de la red. Dell recomienda a los clientes actualizar lo antes posible." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json index e795777e7a1..3b28c89c67a 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40073.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40073", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.553", - "lastModified": "2023-12-04T23:15:23.553", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En visitUris de Notification.java, existe una posible lectura de medios entre usuarios debido a Confused Deputy. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json index 4c04ce709c4..3377b5b205c 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40074.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40074", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.607", - "lastModified": "2023-12-04T23:15:23.607", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En saveToXml de PersistableBundle.java, los datos no v\u00e1lidos podr\u00edan provocar una denegaci\u00f3n de servicio persistente local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json index 1adef911fa6..e993382bfaa 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40075.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40075", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.660", - "lastModified": "2023-12-04T23:15:23.660", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En forceReplaceShortcutInner de ShortcutPackage.java, existe una forma posible de registrar paquetes ilimitados debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local, lo que dar\u00eda lugar a un bucle de inicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json index 833ea77f190..010d80e9144 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40076.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40076", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.713", - "lastModified": "2023-12-04T23:15:23.713", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En createPendingIntent de CredentialManagerUi.java, existe una forma posible de acceder a las credenciales de otros usuarios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json index 8e61f55eba9..69c2a443e56 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40077.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40077", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.760", - "lastModified": "2023-12-04T23:15:23.760", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En m\u00faltiples funciones de MetaDataBase.cpp, existe una posible escritura UAF debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json index 239b2a0220c..c701a744f2b 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40078.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40078", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.807", - "lastModified": "2023-12-04T23:15:23.807", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En a2dp_vendor_opus_decoder_decode_packet de a2dp_vendor_opus_decoder.cc, hay una posible escritura fuera de los l\u00edmites debido a un desbordamiento del heap del b\u00fafer. Esto podr\u00eda llevar a una escalada de privilegios del dispositivo emparejado sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json index d0a993d969d..68ce3a42de5 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40079.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40079", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.857", - "lastModified": "2023-12-04T23:15:23.857", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En injectSendIntentSender de ShortcutService.java, existe un posible inicio de actividad en segundo plano debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json index ce28b17046d..bd8a0b393df 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40080.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-40080", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:23.913", - "lastModified": "2023-12-04T23:15:23.913", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En m\u00faltiples funciones de btm_ble_gap.cc, existe una posible escritura fuera de los l\u00edmites debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json index 3f3e5c8e4ce..3481a325063 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40081.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40081",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:23.973",
- "lastModified": "2023-12-04T23:15:23.973",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En loadMediaDataInBgForResumption de MediaDataManager.kt, existe una forma posible de ver las im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json
index 314e56910e0..6250161555c 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40082.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40082",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.023",
- "lastModified": "2023-12-04T23:15:24.023",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En modify_for_next_stage de fdt.rs, existe una manera posible de hacer que KASLR sea ineficaz debido a un uso incorrecto de la criptograf\u00eda. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json
index f69c9d583f8..239d2716f5b 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40083.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40083",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.073",
- "lastModified": "2023-12-04T23:15:24.073",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En parse_gap_data de utils.cc, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40084.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40084.json
index 198f66bc338..1ba30e8072b 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40084.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40084.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40084",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.130",
- "lastModified": "2023-12-04T23:15:24.130",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En run de MDnsSdListener.cpp, existe una posible corrupci\u00f3n de la memoria debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40087.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40087.json
index 97268648574..55b76bf8b09 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40087.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40087.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40087",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.177",
- "lastModified": "2023-12-04T23:15:24.177",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En transcodeQ*ToFloat de btif_avrcp_audio_track.cc, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda llevar a una escalada de privilegios del dispositivo emparejado sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40088.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40088.json
index ff4fcc69b62..1623556f266 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40088.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40088.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40088",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.230",
- "lastModified": "2023-12-04T23:15:24.230",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En callback_thread_event de com_android_bluetooth_btservice_AdapterService.cpp, existe una posible corrupci\u00f3n de memoria debido a use after free. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo (pr\u00f3ximo/adyacente) sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40089.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40089.json
index d0eb6bff7f4..cbdd8a5906f 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40089.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40089.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40089",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.283",
- "lastModified": "2023-12-04T23:15:24.283",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En getCredentialManagerPolicy de DevicePolicyManagerService.java, existe un m\u00e9todo posible para que los usuarios seleccionen administradores de credenciales sin permiso debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40090.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40090.json
index 82a08a77f64..58d1bcbfce5 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40090.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40090.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40090",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.337",
- "lastModified": "2023-12-04T23:15:24.337",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En BTM_BleVerifySignature de btm_ble.cc, existe una forma posible de omitir la validaci\u00f3n de firma debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40091.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40091.json
index a3d47a7e77e..133679d05cd 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40091.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40091.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40091",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.387",
- "lastModified": "2023-12-04T23:15:24.387",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En onTransact de IncidentService.cpp, existe una posible escritura fuera de los l\u00edmites debido a da\u00f1os en la memoria. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40092.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40092.json
index 883ced8a941..5cb9c562acb 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40092.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40092.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40092",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.440",
- "lastModified": "2023-12-04T23:15:24.440",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En verificarShortcutInfoPackage de ShortcutService.java, existe una forma posible de ver la imagen de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40094.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40094.json
index 67888206422..ff9dd1d5f09 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40094.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40094.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40094",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.493",
- "lastModified": "2023-12-04T23:15:24.493",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En keyguardGoingAway de ActivityTaskManagerService.java, existe una posible omisi\u00f3n de la pantalla de bloqueo debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40095.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40095.json
index 5299550bea3..cec113b0314 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40095.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40095.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40095",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.547",
- "lastModified": "2023-12-04T23:15:24.547",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En createDontSendToRestrictedAppsBundle de PendingIntentUtils.java, existe un posible inicio de actividad en segundo plano debido a que falta una verificaci\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40096.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40096.json
index 2e3e3a8dd02..599ace1e7d9 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40096.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40096.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40096",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.600",
- "lastModified": "2023-12-04T23:15:24.600",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En OpRecordAudioMonitor::onFirstRef de AudioRecordClient.cpp, existe una forma posible de grabar audio en segundo plano debido a que falta un indicador. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40097.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40097.json
index fe6dc896532..7fee7c25975 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40097.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40097.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40097",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.657",
- "lastModified": "2023-12-04T23:15:24.657",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En hasPermissionForActivity de PackageManagerHelper.java, existe una posible concesi\u00f3n de URI debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40098.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40098.json
index 6b13bf917cb..dd4d571cedd 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40098.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40098.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40098",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.707",
- "lastModified": "2023-12-04T23:15:24.707",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En mOnDone de NotificationConversationInfo.java, existe una forma posible de acceder a los datos de notificaci\u00f3n de la aplicaci\u00f3n de otro usuario debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40103.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40103.json
index 97dcc81c56f..2deb217400c 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40103.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40103.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40103",
 "sourceIdentifier": "security@android.com",
 "published": "2023-12-04T23:15:24.757",
- "lastModified": "2023-12-04T23:15:24.757",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En varias ubicaciones, existe una posible forma de da\u00f1ar la memoria debido a una doble liberaci\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40459.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40459.json
index 8b40df5a325..f26df408567 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40459.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40459.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40459",
 "sourceIdentifier": "security@sierrawireless.com",
 "published": "2023-12-04T23:15:24.933",
- "lastModified": "2023-12-04T23:15:24.933",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\nThe\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El componente ACEManager de ALEOS 4.16 y versiones anteriores no realiza adecuadamente la sanitizaci\u00f3n de entradas durante la autenticaci\u00f3n, lo que podr\u00eda resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para ACEManager sin afectar otras funciones del router. ACEManager se recupera de la condici\u00f3n DoS reinici\u00e1ndose dentro de los diez segundos posteriores a que no est\u00e9 disponible."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40460.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40460.json
index 4476c7779da..f1b7d14db72 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40460.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40460.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40460",
 "sourceIdentifier": "security@sierrawireless.com",
 "published": "2023-12-04T23:15:25.180",
- "lastModified": "2023-12-04T23:15:25.180",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nvalidate uploaded\nfile names and types, which could potentially allow\n\n\n\nan authenticated\nuser to perform client-side script execution within\n\n\n\nACEManager, altering\nthe device functionality until the device is\n\n\n\nrestarted.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El componente ACEManager de ALEOS 4.16 y versiones anteriores no valida los nombres y tipos de archivos cargados, lo que podr\u00eda permitir a un usuario autenticado realizar la ejecuci\u00f3n de scripts del lado del cliente dentro de ACEManager, alterando la funcionalidad del dispositivo hasta que se reinicie."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40461.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40461.json
index 621d4b19f59..1974faddbc7 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40461.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40461.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40461",
 "sourceIdentifier": "security@sierrawireless.com",
 "published": "2023-12-04T23:15:25.397",
- "lastModified": "2023-12-04T23:15:25.397",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier allows an\n\n\n\nauthenticated user\nwith Administrator privileges to access a file\n\n\n\nupload field which\ndoes not fully validate the file name, creating a\n\n\n\nStored Cross-Site\nScripting condition.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El componente ACEManager de ALEOS 4.16 y versiones anteriores permite que un usuario autenticado con privilegios de administrador acceda a un campo de carga de archivos que no valida completamente el nombre del archivo, creando una condici\u00f3n de Cross-Site Scripting Almacenado."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40462.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40462.json
index 001a3caf579..f37e5be3e01 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40462.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40462.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40462",
 "sourceIdentifier": "security@sierrawireless.com",
 "published": "2023-12-04T23:15:25.603",
- "lastModified": "2023-12-04T23:15:25.603",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nperform input\nsanitization during authentication, which could\n\n\n\npotentially result\nin a Denial of Service (DoS) condition for\n\n\n\nACEManager without\nimpairing other router functions. ACEManager\n\n\n\nrecovers from the\nDoS condition by restarting within ten seconds of\n\n\n\nbecoming\nunavailable.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El componente ACEManager de ALEOS 4.16 y versiones anteriores no realiza sanitizaci\u00f3n de entrada durante la autenticaci\u00f3n, lo que podr\u00eda resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para ACEManager sin afectar otras funciones del router. ACEManager se recupera de la condici\u00f3n DoS reinici\u00e1ndose dentro de los diez segundos posteriores a que no est\u00e9 disponible."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40463.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40463.json
index d696ffcc2dd..49280d5a5dd 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40463.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40463.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40463",
 "sourceIdentifier": "security@sierrawireless.com",
 "published": "2023-12-04T23:15:25.830",
- "lastModified": "2023-12-04T23:15:25.830",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\nWhen configured in\ndebugging mode by an authenticated user with\n\n\n\nadministrative\nprivileges, ALEOS 4.16 and earlier store the SHA512\n\n\n\nhash of the common\nroot password for that version in a directory\n\n\n\naccessible to a user\nwith root privileges or equivalent access.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Cuando un usuario autenticado con privilegios administrativos lo configura en modo de depuraci\u00f3n, ALEOS 4.16 y versiones anteriores almacenan el hash SHA512 de la contrase\u00f1a ra\u00edz com\u00fan para esa versi\u00f3n en un directorio accesible para un usuario con privilegios ra\u00edz o acceso equivalente."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40464.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40464.json
index f74d185aab5..d0fd68230ec 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40464.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40464.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40464",
 "sourceIdentifier": "security@sierrawireless.com",
 "published": "2023-12-04T23:15:26.040",
- "lastModified": "2023-12-04T23:15:26.040",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, use a hardcoded\n\n\n\nSSL certificate and\nprivate key. An attacker with access to these items\n\n\n\ncould potentially\nperform a man in the middle attack between the\n\n\n\nACEManager client\nand ACEManager server.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Varias versiones de ALEOS, incluido ALEOS 4.16.0, utilizan un certificado SSL codificado y una clave privada. Un atacante con acceso a estos elementos podr\u00eda potencialmente realizar un ataque intermediario entre el cliente ACEManager y el servidor ACEManager."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40465.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40465.json
index a0b54f62f7a..4195950b9be 100644
--- a/CVE-2023/CVE-2023-404xx/CVE-2023-40465.json
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40465.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-40465",
 "sourceIdentifier": "security@sierrawireless.com",
 "published": "2023-12-04T23:15:26.247",
- "lastModified": "2023-12-04T23:15:26.247",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\n\n\n\nthird-party\ncomponent which can be exploited from the local\n\n\n\narea network,\nresulting in a Denial of Service condition for the captive portal.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Varias versiones de ALEOS, incluida ALEOS 4.16.0, incluyen un componente de terceros de c\u00f3digo abierto que puede explotarse desde la red de \u00e1rea local, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio para el portal cautivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41835.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41835.json
index 87fd1a7a8ca..4a23c967cac 100644
--- a/CVE-2023/CVE-2023-418xx/CVE-2023-41835.json
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41835.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-41835",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-12-05T09:15:07.093",
- "lastModified": "2023-12-05T09:15:07.093",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "When a Multipart request is performed but some of the fields exceed the maxStringLength\u00a0 limit, the upload files will remain in struts.multipart.saveDir\u00a0 even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando se realiza una solicitud multiparte pero algunos de los campos exceden el l\u00edmite maxStringLength, los archivos cargados permanecer\u00e1n en struts.multipart.saveDir incluso si la solicitud ha sido denegada. Se recomienda a los usuarios actualizar a las versiones Struts 2.5.32 o 6.1.2.2 o Struts 6.3.0.1 o superior, que solucionan este problema."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42556.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42556.json
index afabb8e0241..d4a3b12ce27 100644
--- a/CVE-2023/CVE-2023-425xx/CVE-2023-42556.json
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42556.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42556",
 "sourceIdentifier": "mobile.security@samsung.com",
 "published": "2023-12-05T03:15:15.030",
- "lastModified": "2023-12-05T03:15:15.030",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "El uso inadecuado de la intenci\u00f3n impl\u00edcita en Contacts antes de la versi\u00f3n 1 de SMR de diciembre de 2023 permite al atacante obtener informaci\u00f3n confidencial."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42557.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42557.json
index 813c92a2ab4..10c06ffa216 100644
--- a/CVE-2023/CVE-2023-425xx/CVE-2023-42557.json
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42557.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-42557",
 "sourceIdentifier": "mobile.security@samsung.com",
 "published": "2023-12-05T03:15:15.220",
- "lastModified": "2023-12-05T03:15:15.220",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de escritura fuera de los l\u00edmites en libIfaaCa anterior a SMR Dec-2023 Release 1 permite a atacantes del sistema local ejecutar c\u00f3digo arbitrario."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42558.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42558.json
index 8e5623ec8fd..7012909d7a5 100644
--- a/CVE-2023/CVE-2023-425xx/CVE-2023-42558.json
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42558.json
@@ -2,12 +2,16 @@ "id": "CVE-2023-42558", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:15.390", - "lastModified": "2023-12-05T03:15:15.390", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution." + }, + { + "lang": "es", + "value": "Vulnerabilidad de escritura fuera de los l\u00edmites en HDCP en HAL anterior a SMR Dec-2023 Release 1 permite al atacante realizar la ejecuci\u00f3n de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42559.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42559.json index b0732286eb7..3009a60de6a 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42559.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42559.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42559", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:15.557", - "lastModified": "2023-12-05T03:15:15.557", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de gesti\u00f3n de excepciones inadecuada en Knox Guard anterior a SMR de diciembre de 2023, versi\u00f3n 1, permite omitir el bloqueo de Knox Guard cambiando la hora del sistema." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42560.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42560.json index b66d7bfe501..7b3822ceee2 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42560.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42560.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42560", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:15.723", - "lastModified": "2023-12-05T03:15:15.723", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code." + }, + { + "lang": "es", + "value": "Vulnerabilidad de escritura fuera de los l\u00edmites del heap en dec_mono_audb de libsavsac.so antes de SMR Dec-2023 Release 1 permite a un atacante ejecutar c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42561.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42561.json index b6fd2b48700..4322b568939 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42561.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42561.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42561", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:15.893", - "lastModified": "2023-12-05T03:15:15.893", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code." + }, + { + "lang": "es", + "value": "Vulnerabilidad de escritura fuera de los l\u00edmites del heap en bootloader anterior a SMR Dec-2023 Release 1 permite a un atacante f\u00edsico ejecutar c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42562.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42562.json index 63ac31df91c..5608b248318 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42562.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42562.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42562", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:16.060", - "lastModified": "2023-12-05T03:15:16.060", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de enteros en detectionFindFaceSupportMultiInstance de libFacePreProcessingjni.camera.samsung.so antes de SMR de diciembre de 2023, versi\u00f3n 1, permite al atacante desencadenar un desbordamiento del heap." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42563.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42563.json index 388a021bd68..07bdb8736fe 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42563.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42563.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42563", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:16.230", - "lastModified": "2023-12-05T03:15:16.230", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de enteros en LandmarkCopyImageToNative de libFacePreProcessingjni.camera.samsung.so antes de SMR Dec-2023 Release 1 permite al atacante desencadenar un desbordamiento del heap." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42564.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42564.json index aef708e49ce..98f3e48698f 100644 
--- a/CVE-2023/CVE-2023-425xx/CVE-2023-42564.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42564.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42564", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:16.400", - "lastModified": "2023-12-05T03:15:16.400", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en knoxcustom service anterior a la versi\u00f3n 1 de SMR de diciembre de 2023 permite al atacante enviar transmisiones con privilegios del sistema." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42565.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42565.json index 5929659550c..4fa91744d7e 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42565.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42565.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42565", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:16.553", - "lastModified": "2023-12-05T03:15:16.553", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Smart Clip anterior a SMR Dec-2023 Release 1 permite a atacantes locales con privilegios de shell ejecutar c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42566.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42566.json index d738261147e..4c81f3cda5e 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42566.json 
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42566.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42566", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:16.720", - "lastModified": "2023-12-05T03:15:16.720", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code." + }, + { + "lang": "es", + "value": "Vulnerabilidad de escritura fuera de l\u00edmites en libsavsvc anterior a SMR Dec-2023 Release 1 permite a atacantes locales ejecutar c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42567.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42567.json index 382fefb0798..2da8b58821d 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42567.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42567.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42567", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:16.900", - "lastModified": "2023-12-05T03:15:16.900", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de verificaci\u00f3n de tama\u00f1o inadecuado en softsimd anterior a SMR de diciembre de 2023, versi\u00f3n 1, permite el desbordamiento del b\u00fafer basado en pila." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42568.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42568.json index e76a5d4e9e0..bd6fd8cc1ad 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42568.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42568.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42568", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:17.070", - "lastModified": "2023-12-05T03:15:17.070", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with SystemUI privilege." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en SmartManagerCN anterior a SMR Dec-2023 Release 1 permite a atacantes locales acceder a archivos arbitrarios con privilegios SystemUI." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42569.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42569.json index 245d6e3c9d2..ac93af3a3e3 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42569.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42569.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42569", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:17.237", - "lastModified": "2023-12-05T03:15:17.237", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de verificaci\u00f3n de autorizaci\u00f3n inadecuada en AR Emoji antes de la versi\u00f3n 1 de SMR de diciembre de 2023 permite a los atacantes leer datos de la zona de pruebas de AR Emoji." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42570.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42570.json index be33166691c..2610acda0f1 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42570.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42570.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42570", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:17.403", - "lastModified": "2023-12-05T03:15:17.403", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en KnoxCustomManagerService anterior a la versi\u00f3n 1 de SMR de diciembre de 2023 permite al atacante acceder al PIN de la SIM del dispositivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42571.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42571.json index 6064a6cc1fd..c90d5e674b3 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42571.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42571.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42571", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:17.573", - "lastModified": "2023-12-05T03:15:17.573", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device." + }, + { + "lang": "es", + "value": "El abuso del desbloqueo remoto en Find My Mobile anterior a la versi\u00f3n 7.3.13.4 permite a un atacante f\u00edsico desbloquear el dispositivo de forma remota restableciendo la contrase\u00f1a de la cuenta Samsung con verificaci\u00f3n por SMS cuando el usuario pierde el dispositivo." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42572.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42572.json index 533c81c9c83..51af3002329 100644 
--- a/CVE-2023/CVE-2023-425xx/CVE-2023-42572.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42572.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42572", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:17.750", - "lastModified": "2023-12-05T03:15:17.750", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de secuestro de intenci\u00f3n impl\u00edcita en Samsung Account Web SDK anterior a la versi\u00f3n 1.5.24 permite al atacante obtener informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42573.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42573.json index caa8528cec0..0f56814b7e9 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42573.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42573.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42573", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:17.927", - "lastModified": "2023-12-05T03:15:17.927", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data." + }, + { + "lang": "es", + "value": "La vulnerabilidad de secuestro PendingIntent en Search Widget anterior a la versi\u00f3n 3.4 en los modelos de China permite a atacantes locales acceder a los datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42574.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42574.json index 7fb14897e18..74d8cb7f2af 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42574.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42574.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42574", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:18.100", - "lastModified": "2023-12-05T03:15:18.100", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en GameHomeCN anterior a la versi\u00f3n 4.2.60.2 permite a atacantes locales iniciar actividad arbitraria en GameHomeCN." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42575.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42575.json index 34ac6a8bff2..45e80e4ca25 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42575.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42575.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42575", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:18.273", - "lastModified": "2023-12-05T03:15:18.273", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autenticaci\u00f3n inadecuada en Samsung Pass anterior a la versi\u00f3n 4.3.00.17 permite a atacantes f\u00edsicos eludir la autenticaci\u00f3n debido a una configuraci\u00f3n de indicador no v\u00e1lida." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42576.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42576.json index 73e31d4a6b0..28a2c1b519c 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42576.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42576.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42576", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:18.450", - "lastModified": "2023-12-05T03:15:18.450", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler." + }, + { + "lang": "es", + "value": "Vulnerabilidad de autenticaci\u00f3n inadecuada en Samsung Pass anterior a la versi\u00f3n 4.3.00.17 permite a atacantes f\u00edsicos eludir la autenticaci\u00f3n debido a un controlador de excepciones no v\u00e1lido." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42577.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42577.json index 230745630f4..59378ab785d 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42577.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42577.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42577", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:18.623", - "lastModified": "2023-12-05T03:15:18.623", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en Samsung Voice Recorder anterior a las versiones 21.4.15.01 en Android 12 y Android 13, 21.4.50.17 en Android 14 permite a atacantes f\u00edsicos acceder a la informaci\u00f3n de Voice Recorder en la pantalla de bloqueo." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42578.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42578.json index 4874cc456ab..6fe7746b2da 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42578.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42578.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42578", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:18.803", - "lastModified": "2023-12-05T03:15:18.803", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission." + }, + { + "lang": "es", + "value": "El manejo inadecuado de la vulnerabilidad de permisos o privilegios insuficientes en Samsung Data Store anterior a la versi\u00f3n 5.2.00.7 permite a atacantes remotos acceder a informaci\u00f3n de ubicaci\u00f3n sin permiso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42579.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42579.json index 5fc4b99e61a..b40df8c0a14 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42579.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42579.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42579", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:18.967", - "lastModified": "2023-12-05T03:15:18.967", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middle attack." + }, + { + "lang": "es", + "value": "Uso inadecuado de un protocolo inseguro (es decir, HTTP) en SogouSDK of Chinese Samsung Keyboard anterior a las versiones 5.3.70.1 en Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 en Android 12 y 5.6.00.52, 5.6.10.42, 5.7 .00.45 en Android 13 permite a atacantes adyacentes acceder a datos de pulsaciones de teclas mediante el ataque Man-in-the-Middle." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42580.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42580.json index 95cd5c83865..f83cd9e601a 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42580.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42580.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42580", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:19.120", - "lastModified": "2023-12-05T03:15:19.120", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de URL incorrecta del enlace profundo MCSLaunch en Galaxy Store anterior a la versi\u00f3n 4.5.64.4 permite a los atacantes ejecutar la API de JavaScript para instalar APK desde Galaxy Store." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42581.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42581.json index 834aac97426..e89afe4ee90 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42581.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42581.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42581", "sourceIdentifier": "mobile.security@samsung.com", "published": "2023-12-05T03:15:19.293", - "lastModified": "2023-12-05T03:15:19.293", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data." + }, + { + "lang": "es", + "value": "La validaci\u00f3n incorrecta de la URL del enlace profundo de InstantPlay en Galaxy Store antes de la versi\u00f3n 4.5.64.4 permite a los atacantes ejecutar la API de JavaScript para acceder a los datos." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43472.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43472.json index 00d06401cda..bb69f1e864c 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43472.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43472.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-43472", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T07:15:07.667", - "lastModified": "2023-12-05T07:15:07.667", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API." + }, + { + "lang": "es", + "value": "Un problema en las versiones 2.8.1 y anteriores de MLFlow permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada a la API REST." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43608.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43608.json index d4c54cc5aa0..8ec29c25057 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43608.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43608.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43608", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-12-05T12:15:42.467", - "lastModified": "2023-12-05T12:15:42.467", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de integridad de datos en la funcionalidad BR_NO_CHECK_HASH_FOR de Buildroot 2023.08.1 y el commit de desarrollo 622698d7847. Un ataque de intermediario especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios en el constructor." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43628.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43628.json index 24bf15a1fed..e1783a5e11a 100644 
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43628.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43628.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43628", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-12-05T12:15:43.000", - "lastModified": "2023-12-05T12:15:43.000", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad NTRIP Stream Parsing de GPSd 3.25.1~dev. Un paquete de red especialmente manipulado puede provocar da\u00f1os en la memoria. Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44288.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44288.json index 7d767a0c998..d0b34a4aa1b 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44288.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44288.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44288", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-05T06:15:48.900", - "lastModified": "2023-12-05T06:15:48.900", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.\n\n" + }, + { + "lang": "es", + "value": "Dell PowerScale OneFS, 8.2.2.x a 9.6.0.x, contiene un control inadecuado de un recurso a trav\u00e9s de su vulnerabilidad de por vida. Un atacante de red no autenticado podr\u00eda explotar esta vulnerabilidad y provocar una denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44295.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44295.json index fa824de1a87..b884b400cc2 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44295.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44295.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-44295", "sourceIdentifier": "security_alert@emc.com", "published": "2023-12-05T06:15:49.110", - "lastModified": "2023-12-05T06:15:49.110", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure.\n\n" + }, + { + "lang": "es", + "value": "Dell PowerScale OneFS versiones 8.2.2.x a 9.6.0.x contiene un control inadecuado de un recurso a trav\u00e9s de su vulnerabilidad de por vida. Un atacante con privilegios bajos podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la p\u00e9rdida y divulgaci\u00f3n de informaci\u00f3n." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4460.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4460.json index a9a96bdb264..71f8e366e63 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4460.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4460.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4460", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.557", - "lastModified": "2023-12-04T22:15:07.557", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads." + }, + { + "lang": "es", + "value": "El complemento Uploading SVG, WEBP and ICO files de WordPress hasta la versi\u00f3n 1.2.1 no sanitiza los archivos SVG cargados, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como Autor cargar un SVG malicioso que contenga payloads XSS." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45773.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45773.json index cb4334b7f8b..2821297cbe5 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45773.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45773.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45773", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.440", - "lastModified": "2023-12-04T23:15:26.440", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En m\u00faltiples funciones de btm_ble_gap.cc, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45774.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45774.json index 8263a4a151f..f0e7cfcf1f6 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45774.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45774.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45774", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.483", - "lastModified": "2023-12-04T23:15:26.483", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En fixUpIncomingShortcutInfo de ShortcutService.java, existe una manera posible de ver la imagen de otro usuario debido a un diputado confundido. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45775.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45775.json index 281aa0ee458..71e13b9b5c8 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45775.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45775.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45775", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.530", - "lastModified": "2023-12-04T23:15:26.530", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En CreateAudioBroadcast de broadcaster.cc, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45776.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45776.json index 648baccf935..162435212f3 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45776.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45776.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45776", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.577", - "lastModified": "2023-12-04T23:15:26.577", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En CreateAudioBroadcast de broadcaster.cc, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45777.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45777.json index 46c2ebbf5a2..ddff1c9c105 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45777.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45777.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45777", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.623", - "lastModified": "2023-12-04T23:15:26.623", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En checkKeyIntentParceledCorrectly de AccountManagerService.java, existe una forma posible de iniciar actividades arbitrarias utilizando privilegios del sistema debido a una falta de coincidencia de parcelas. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json index 1f118c35efe..a1f1222db40 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45779.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45779", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.673", - "lastModified": "2023-12-04T23:15:26.673", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In TBD of TBD, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En TBD de TBD, existe una posible actualizaci\u00f3n maliciosa de los componentes de la plataforma debido a un uso incorrecto de las criptomonedas. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45781.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45781.json index 5e9598d478b..3e8b9a96b1c 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45781.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45781.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45781", "sourceIdentifier": "security@android.com", "published": "2023-12-04T23:15:26.717", - "lastModified": "2023-12-04T23:15:26.717", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En parse_gap_data de utils.cc, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45838.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45838.json index 804031244b1..83c123e60a0 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45838.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45838.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45838", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-12-05T12:15:43.210", - "lastModified": "2023-12-05T12:15:43.210", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs` package." + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de integridad de datos en la funcionalidad de verificaci\u00f3n de hash del paquete de Buildroot 2023.08.1 y el commit de desarrollo de Buildroot 622698d7847. Un ataque de intermediario especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios en el generador. Esta vulnerabilidad est\u00e1 relacionada con el paquete `aufs`." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45839.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45839.json index 82c1b10fa40..7f87b7ae1ce 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45839.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45839.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45839", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-12-05T12:15:43.397", - "lastModified": "2023-12-05T12:15:43.397", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs-util` package." + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de integridad de datos en la funcionalidad de verificaci\u00f3n de hash del paquete de Buildroot 2023.08.1 y el commit de desarrollo de Buildroot 622698d7847. Un ataque de intermediario especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios en el generador. Esta vulnerabilidad est\u00e1 relacionada con el paquete `aufs-util`." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45840.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45840.json index 1522de4b7a9..8152e643e27 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45840.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45840.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45840", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-12-05T12:15:43.580", - "lastModified": "2023-12-05T12:15:43.580", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `riscv64-elf-toolchain` package." + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de integridad de datos en la funcionalidad de verificaci\u00f3n de hash del paquete de Buildroot 2023.08.1 y el commit de desarrollo de Buildroot 622698d7847. Un ataque de intermediario especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios en el generador. Esta vulnerabilidad est\u00e1 relacionada con el paquete `riscv64-elf-toolchain`." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45841.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45841.json index b8351e455df..67faca747d6 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45841.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45841.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45841", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-12-05T12:15:43.773", - "lastModified": "2023-12-05T12:15:43.773", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `versal-firmware` package." + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de integridad de datos en la funcionalidad de verificaci\u00f3n de hash del paquete de Buildroot 2023.08.1 y el commit de desarrollo de Buildroot 622698d7847. Un ataque de intermediario especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios en el generador. Esta vulnerabilidad est\u00e1 relacionada con el paquete \"versal-firmware\"." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45842.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45842.json index 8bbb78c4413..1b09c1e6c69 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45842.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45842.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-45842", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-12-05T12:15:43.967", - "lastModified": "2023-12-05T12:15:43.967", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `mxsldr` package." + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de integridad de datos en la funcionalidad de verificaci\u00f3n de hash del paquete de Buildroot 2023.08.1 y el commit de desarrollo de Buildroot 622698d7847. Un ataque de intermediario especialmente manipulado puede provocar la ejecuci\u00f3n de comandos arbitrarios en el generador. Esta vulnerabilidad est\u00e1 relacionada con el paquete `mxsldr`." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46887.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46887.json index c497d498655..4a66b62682e 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46887.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46887.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46887", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T05:15:07.980", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T14:19:33.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,68 @@ "value": "En Dreamer CMS anterior a 4.0.1, la oficina de administraci\u00f3n de archivos adjuntos backend tiene una vulnerabilidad de descarga arbitraria de archivos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.0.1", + "matchCriteriaId": "A95C60AA-7AF7-4345-A810-25BC0EA1A570" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47106.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47106.json index 1a7681b720f..e186c05f4bd 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47106.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47106.json 
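Review bot: The added weakness entry `"value": "CWE-494"` (Download of Code Without Integrity Check) does not obviously match what the rest of this record describes. The visible description is an arbitrary file download in the backend attachment management, and the added vector `C:H/I:N/A:N` scores it as a confidentiality-only file disclosure. A file-access weakness such as CWE-22 looks closer, though that is inferred from the description alone and should be confirmed against the linked issue. Until upstream confirms, CWE-based filters and dashboards fed from this mirror should treat the classification as provisional. Because the file is an automated mirror, any correction belongs in the upstream record rather than in this repository.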
@@ -2,12 +2,16 @@ "id": "CVE-2023-47106", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T21:15:33.600", - "lastModified": "2023-12-04T21:15:33.600", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Traefik es un equilibrador de carga y proxy inverso HTTP de c\u00f3digo abierto. Cuando se env\u00eda una solicitud a Traefik con un fragmento de URL, Traefik codifica autom\u00e1ticamente la URL y reenv\u00eda el fragmento al servidor backend. Esto viola RFC 7230 porque en el formulario de origen la URL solo debe contener la ruta absoluta y la consulta. Cuando esto se combina con otro proxy de interfaz como Nginx, se puede utilizar para evitar las restricciones de control de acceso basadas en URI del proxy de interfaz. Esta vulnerabilidad se ha solucionado en las versiones 2.10.6 y 3.0.0-beta5. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47124.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47124.json index 96f37f575a1..05805a51a18 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47124.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47124.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47124", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T21:15:33.850", - "lastModified": "2023-12-04T21:15:33.850", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers to achieve a `slowloris attack`. This vulnerability has been patch in version 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. Users unable to upgrade should replace the `HTTPChallenge` with the `TLSChallenge` or the `DNSChallenge`." + }, + { + "lang": "es", + "value": "Traefik es un equilibrador de carga y proxy inverso HTTP de c\u00f3digo abierto. Cuando Traefik est\u00e1 configurado para usar `HTTPChallenge` para generar y renovar los certificados TLS de Let's Encrypt, los atacantes pueden aprovechar el retraso autorizado para resolver el desaf\u00edo (50 segundos) para lograr un `ataque lento`. Esta vulnerabilidad ha sido parcheada en las versiones 2.10.6 y 3.0.0-beta5. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben reemplazar `HTTPChallenge` con `TLSChallenge` o `DNSChallenge`." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47304.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47304.json index 342c74217f5..10b200291fe 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47304.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47304.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-47304", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T04:15:07.083", - "lastModified": "2023-12-05T04:15:07.083", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Vonage Box Telephone Adapter VDV23 version VDV21-3.2.11-0.5.1, allows local attackers to bypass UART authentication controls and read/write arbitrary values to the memory of the device." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Vonage Box Telephone Adapter VDV23 versi\u00f3n VDV21-3.2.11-0.5.1, que permite a atacantes locales eludir los controles de autenticaci\u00f3n UART y leer/escribir valores arbitrarios en la memoria del dispositivo." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47462.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47462.json index a69a3b39ba5..eb703db612d 100644 --- a/CVE-2023/CVE-2023-474xx/CVE-2023-47462.json +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47462.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47462", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T05:15:08.033", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T14:26:20.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,79 @@ "value": "Vulnerabilidad de permisos inseguros en GL.iNet AX1800 v.3.215 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de compartir archivos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:gl-inet:gl-ax1800_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.125", + "matchCriteriaId": "68E72B04-22CA-4327-8054-4C7378CF8E39" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:gl-inet:gl-ax1800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "459CA3AD-7D9A-4E72-8847-9F989232CDCD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gl-inet/CVE-issues/blob/main/3.215/Arbitrary%20File%20Read%20through%20file%20share.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47633.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47633.json index 9ae7255f653..6b49336b380 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47633.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47633.json 
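Review bot: The added CPE range `"versionEndIncluding": "3.125"` disagrees with the rest of the record. The description visible in this hunk says "v.3.215 y anteriores", and the reference URL path also contains `3.215`. If the description is right, the bound looks like a digit transposition and should read `"versionEndIncluding": "3.215"`. As written, scanners that match on the CPE configuration would report firmware between 3.125 and 3.215 as unaffected by a 9.8 CRITICAL entry. Since this file is an automated mirror, the correction has to be made upstream; until then, consumers should match this CVE on the description's version rather than the CPE range.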
@@ -2,12 +2,16 @@ "id": "CVE-2023-47633", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T21:15:34.063", - "lastModified": "2023-12-04T21:15:34.063", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Traefik es un equilibrador de carga y proxy inverso HTTP de c\u00f3digo abierto. El contenedor acoplable traefik utiliza 100% de CPU cuando sirve como su propio backend, que es una ruta generada autom\u00e1ticamente como resultado de la integraci\u00f3n de Docker en la configuraci\u00f3n predeterminada. Este problema se solucion\u00f3 en las versiones 2.10.6 y 3.0.0-beta5. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48315.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48315.json index ef33e4150d4..c9ab2821f57 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48315.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48315.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48315", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:07.230", - "lastModified": "2023-12-05T01:15:07.230", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and sntp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS NetX Duo es una pila de red TCP/IP dise\u00f1ada espec\u00edficamente para aplicaciones de IoT y en tiempo real profundamente integradas. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de desbordamiento de memoria en Azure RTOS NETX Duo. Los componentes afectados incluyen procesos/funciones relacionados con ftp y sntp en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de NetX Duo. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48316.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48316.json index 25906d9ed33..f31a612fd7e 100644 --- a/CVE-2023/CVE-2023-483xx/CVE-2023-48316.json +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48316.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48316", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:07.503", - "lastModified": "2023-12-05T01:15:07.503", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS NetX Duo es una pila de red TCP/IP dise\u00f1ada espec\u00edficamente para aplicaciones de IoT y en tiempo real profundamente integradas. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de desbordamiento de memoria en Azure RTOS NETX Duo. Los componentes afectados incluyen procesos/funciones relacionados con snmp, smtp, ftp y dtls en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de NetX Duo. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48691.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48691.json index f7de40d21d7..829a041b045 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48691.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48691.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48691", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:07.747", - "lastModified": "2023-12-05T01:15:07.747", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol in RTOS v6.2.1 and below. The fix has been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS NetX Duo es una pila de red TCP/IP dise\u00f1ada espec\u00edficamente para aplicaciones de IoT y en tiempo real profundamente integradas. Un atacante puede provocar una escritura fuera de los l\u00edmites en Azure RTOS NETX Duo, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo. Los componentes afectados incluyen procesos relacionados con el protocolo IGMP en RTOS v6.2.1 y versiones anteriores. La soluci\u00f3n se incluy\u00f3 en la versi\u00f3n 6.3.0 de NetX Duo. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48692.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48692.json index 7c4cd303d78..b6dd5b69408 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48692.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48692.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48692", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:07.957", - "lastModified": "2023-12-05T01:15:07.957", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS NetX Duo es una pila de red TCP/IP dise\u00f1ada espec\u00edficamente para aplicaciones de IoT y en tiempo real profundamente integradas. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de desbordamiento de memoria en Azure RTOS NETX Duo. Los componentes afectados incluyen procesos/funciones relacionados con icmp, tcp, snmp, dhcp, nat y ftp en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de NetX Duo. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48693.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48693.json index 4de2a7bcfde..335c06dae36 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48693.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48693.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48693", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:08.167", - "lastModified": "2023-12-05T01:15:08.167", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": " Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS ThreadX es un sistema operativo avanzado en tiempo real (RTOS) manipulado espec\u00edficamente para aplicaciones profundamente integradas. Un atacante puede provocar lecturas y escrituras arbitrarias debido a una vulnerabilidad en el mecanismo de verificaci\u00f3n de par\u00e1metros en Azure RTOS ThreadX, lo que puede provocar una escalada de privilegios. Los componentes afectados incluyen RTOS ThreadX v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de ThreadX. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48694.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48694.json index c9281bd6532..1fb6c42f902 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48694.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48694.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48694", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:08.393", - "lastModified": "2023-12-05T01:15:08.393", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related to device linked classes, ASIX, Prolific, SWAR, audio, CDC ECM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS USBX es una pila integrada de host, dispositivo y en movimiento (OTG) USB que est\u00e1 completamente integrada con Azure RTOS ThreadX. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de desreferencia de puntero caducado y confusi\u00f3n de tipos en Azure RTOS USBX. Los componentes afectados incluyen funciones/procesos en la pila de host y la clase de host, relacionados con clases vinculadas a dispositivos, ASIX, Prolific, SWAR, audio, CDC ECM en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de USBX. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json index eee6c43ed6a..a92045a5236 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48695.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48695", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:08.640", - "lastModified": "2023-12-05T01:15:08.640", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS USBX es una pila integrada de host, dispositivo y en movimiento (OTG) USB que est\u00e1 completamente integrada con Azure RTOS ThreadX. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de escritura fuera de los l\u00edmites en Azure RTOS USBX. Los componentes afectados incluyen funciones/procesos en clases de host y dispositivo, relacionados con CDC ECM y RNDIS en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de USBX. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48696.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48696.json index aafe322362d..933e4d81cc2 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48696.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48696.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48696", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:08.877", - "lastModified": "2023-12-05T01:15:08.877", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS USBX es una pila integrada de host, dispositivo y en movimiento (OTG) USB que est\u00e1 completamente integrada con Azure RTOS ThreadX. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de desreferencia de puntero vencido en Azure RTOS USBX. Los componentes afectados incluyen componentes en la clase de host, relacionados con CDC ACM en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de USBX. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48697.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48697.json index 1551eaa03e4..e899ea58419 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48697.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48697.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48697", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:09.120", - "lastModified": "2023-12-05T01:15:09.120", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio, hub in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS USBX es una pila integrada de host, dispositivo y en movimiento (OTG) USB que est\u00e1 completamente integrada con Azure RTOS ThreadX. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades del puntero y del b\u00fafer de memoria en Azure RTOS USBX. Los componentes afectados incluyen funciones/procesos en pictbridge y clase de host, relacionados con PIMA, almacenamiento, CDC ACM, ECM, audio y concentrador en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de USBX. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48698.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48698.json index e7a9d9554a0..a779b3dcedb 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48698.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48698.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-48698", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T01:15:09.353", - "lastModified": "2023-12-05T01:15:09.353", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Azure RTOS USBX es una pila integrada de host, dispositivo y en movimiento (OTG) USB que est\u00e1 completamente integrada con Azure RTOS ThreadX. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo debido a vulnerabilidades de desreferencia de puntero vencido en Azure RTOS USBX. Los componentes afectados incluyen funciones/procesos en la pila de host y clases de host, relacionados con clases vinculadas a dispositivos, GSER y HID en RTOS v6.2.1 y versiones anteriores. Las correcciones se incluyeron en la versi\u00f3n 6.3.0 de USBX. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49070.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49070.json index e8249a0fde2..0f5370d5e28 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49070.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49070.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49070", "sourceIdentifier": "security@apache.org", "published": "2023-12-05T08:15:07.443", - "lastModified": "2023-12-05T08:15:07.443", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nPre-auth RCE in Apache Ofbiz 18.12.09.\n\nIt's due to XML-RPC\u00a0no longer maintained\u00a0still present.\nThis issue affects Apache OFBiz: before 18.12.10.\u00a0\nUsers are recommended to upgrade to version 18.12.10\n\n" + }, + { + "lang": "es", + "value": "RCE de autorizaci\u00f3n previa en Apache Ofbiz 18.12.09. Se debe a que XML-RPC ya no se mantiene presente. Este problema afecta a Apache OFBiz: antes del 18.12.10. Se recomienda a los usuarios actualizar a la versi\u00f3n 18.12.10" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49080.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49080.json index fb561b3c38d..e5d8d7ed20a 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49080.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49080.json 
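Review bot: The added `es` description changes the meaning of the English text in two places that matter for triage. `RCE de autorizaci\u00f3n previa` reads as an RCE that needs prior authorization, whereas "Pre-auth RCE" means the flaw is reachable before authentication, and `antes del 18.12.10` reads as a date rather than the affected version range. I would word them `RCE previa a la autenticaci\u00f3n en Apache Ofbiz 18.12.09.` and `Este problema afecta a Apache OFBiz: versiones anteriores a 18.12.10.`. `XML-RPC ya no se mantiene presente` also drops the point that the unmaintained XML-RPC component is still present. The record's `metrics` and later fields continue outside the hunk.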
@@ -2,12 +2,16 @@ "id": "CVE-2023-49080", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T21:15:34.273", - "lastModified": "2023-12-04T21:15:34.273", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Jupyter Server proporciona el backend (es decir, los servicios principales, API y endpoints REST) para aplicaciones web de Jupyter como Jupyter notebook, JupyterLab y Voila. Los errores no controlados en solicitudes de API provenientes de un usuario autenticado incluyen informaci\u00f3n de rastreo, que puede incluir informaci\u00f3n de ruta. No existe ning\u00fan mecanismo conocido para desencadenar estos errores sin autenticaci\u00f3n, por lo que las rutas reveladas no se consideran particularmente sensibles, dado que el usuario solicitante ya tiene permisos de ejecuci\u00f3n arbitrarios en el mismo entorno. Se introdujo una soluci\u00f3n en el commit `0056c3aa52` que ya no incluye informaci\u00f3n de rastreo en las respuestas de error JSON. 
Por compatibilidad, el campo de rastreo est\u00e1 presente, pero siempre vac\u00edo. Esta confirmaci\u00f3n se ha incluido en la versi\u00f3n 2.11.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49280.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49280.json index 258eaa883f7..2859000fcea 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49280.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49280.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49280", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:26.767", - "lastModified": "2023-12-04T23:15:26.767", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Change request allows to edit any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain password hash of users by performing an edit on the user profiles and then downloading the XML file that has been created. This is also true for any document that might contain password field and that a user can view.\nThis vulnerability impacts all version of Change Request, but the impact depends on the rights that has been set on the wiki since it requires for the user to have the Change request right (allowed by default) and view rights on the page to target. This issue cannot be easily exploited in an automated way. The patch consists in denying to users the right of editing pages that contains a password field with change request. It means that already existing change request for those pages won't be removed by the patch, administrators needs to take care of it. The patch is provided in Change Request 1.10, administrators should upgrade immediately. It's possible to workaround the vulnerability by denying manually the Change request right on some spaces, such as XWiki space which will include any user profile by default." + }, + { + "lang": "es", + "value": "XWiki Change Request es una aplicaci\u00f3n XWiki que permite solicitar cambios en una wiki sin publicar directamente los cambios. Change Request permite editar cualquier p\u00e1gina de forma predeterminada y luego los cambios se exportan en un archivo XML que cualquiera puede descargar. 
Por lo tanto, es posible que un atacante obtenga el hash de contrase\u00f1a de los usuarios realizando una edici\u00f3n en los perfiles de usuario y luego descargando el archivo XML que se ha creado. Esto tambi\u00e9n se aplica a cualquier documento que pueda contener un campo de contrase\u00f1a y que un usuario pueda ver. Esta vulnerabilidad afecta a todas las versiones de Change Request, pero el impacto depende de los derechos que se hayan establecido en el wiki, ya que requiere que el usuario tenga el derecho de Change Request (permitido de forma predeterminada) y derechos de visualizaci\u00f3n en la p\u00e1gina de destino. Este problema no se puede explotar f\u00e1cilmente de forma automatizada. El parche consiste en negar a los usuarios el derecho de editar p\u00e1ginas que contengan un campo de contrase\u00f1a con Change Request. Significa que el parche no eliminar\u00e1 las solicitudes de cambio ya existentes para esas p\u00e1ginas, los administradores deben encargarse de ello. El parche se proporciona en la Change Request 1.10; los administradores deben actualizarlo de inmediato. Es posible solucionar la vulnerabilidad denegando manualmente Change Request en algunos espacios, como el espacio XWiki, que incluir\u00e1 cualquier perfil de usuario de forma predeterminada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json index dcbd09c66f8..ba7a7733911 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49284", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:08.737", - "lastModified": "2023-12-05T00:15:08.737", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \\UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "fish es un shell de l\u00ednea de comandos inteligente y f\u00e1cil de usar para macOS, Linux y el resto de la familia. fish shell utiliza internamente ciertos caracteres que no son Unicode para marcar comodines y expansiones. Permitir\u00e1 incorrectamente que estos marcadores se lean en la salida de sustituci\u00f3n de comandos, en lugar de transformarlos en una representaci\u00f3n interna segura. 
Si bien esto puede causar un comportamiento inesperado con la entrada directa (por ejemplo, echo \\UFDD2HOME tiene el mismo resultado que echo $HOME), esto puede convertirse en un problema de seguridad menor si el resultado se env\u00eda desde un programa externo a un comando de sustituci\u00f3n donde este resultado puede que no se espere. Este defecto de dise\u00f1o se introdujo en versiones muy tempranas de Fish, anteriores al sistema de control de versiones, y se cree que est\u00e1 presente en todas las versiones de Fish lanzadas en los \u00faltimos 15 a\u00f1os o m\u00e1s, aunque con caracteres diferentes. La ejecuci\u00f3n del c\u00f3digo no parece posible, pero la denegaci\u00f3n de servicio (mediante una gran expansi\u00f3n de llaves) o la divulgaci\u00f3n de informaci\u00f3n (como la expansi\u00f3n de variables) es potencialmente posible en determinadas circunstancias. Se lanz\u00f3 Fish Shell 3.6.2 para corregir este problema. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json index 9ce603ae7e9..dea6bfb5285 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49285.json 
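Review bot: In the added `es` description, `ciertos caracteres que no son Unicode` changes the meaning of the English "certain Unicode non-characters". The markers are Unicode code points of the noncharacter class, not characters outside Unicode. A reader relying on the Spanish text would misjudge which input can collide with the wildcard and expansion markers. I would write `ciertos no-caracteres de Unicode`, and `una sustituci\u00f3n de comandos` instead of `un comando de sustituci\u00f3n` for "command substitution".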
@@ -2,12 +2,16 @@ "id": "CVE-2023-49285", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.007", - "lastModified": "2023-12-04T23:15:27.007", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Debido a un error de sobrelectura del b\u00fafer, Squid es vulnerable a un ataque de denegaci\u00f3n de servicio contra el procesamiento de mensajes HTTP de Squid. Este error se solucion\u00f3 con la versi\u00f3n 6.5 de Squid. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json index b67b91794a7..b85aabe40f7 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49286.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49286", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.243", - "lastModified": "2023-12-04T23:15:27.243", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Debido a un error de verificaci\u00f3n incorrecta del valor de retorno de la funci\u00f3n, Squid es vulnerable a un ataque de denegaci\u00f3n de servicio contra su gesti\u00f3n de procesos auxiliares. Este error se solucion\u00f3 con la versi\u00f3n 6.5 de Squid. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json index 5e21874e0e3..aea3b5f76da 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49288.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49288", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.477", - "lastModified": "2023-12-04T23:15:27.477", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with \"collapsed_forwarding on\" are vulnerable. Configurations with \"collapsed_forwarding off\" or without a \"collapsed_forwarding\" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf." + }, + { + "lang": "es", + "value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Las versiones afectadas de squid est\u00e1n sujetas a un error Use-After-Free que puede provocar un ataque de denegaci\u00f3n de servicio mediante reenv\u00edo colapsado. Todas las versiones de Squid desde la 3.5 hasta la 5.9 inclusive configuradas con \"collapsed_forwarding on\" son vulnerables. Las configuraciones con \"collapsed_forwarding desactivado\" o sin una directiva \"collapsed_forwarding\" no son vulnerables. Este error se solucion\u00f3 con la versi\u00f3n 6.0.1 de Squid. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben eliminar todas las l\u00edneas collapsed_forwarding de su squid.conf." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json index 0e91a6d1fde..93ebbaf121b 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49289.json 
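Review bot: The added `es` description translates a configuration literal: `\"collapsed_forwarding desactivado\"` is not what an operator will find in squid.conf, where the English text gives the setting as `\"collapsed_forwarding off\"`. This sentence tells readers which configurations are not vulnerable, so the directive and its value should stay verbatim: `Las configuraciones con \"collapsed_forwarding off\" o sin una directiva \"collapsed_forwarding\" no son vulnerables.`. The same defect appears in the CVE-2023-49291 hunk, where the GitHub Actions step keyword `run` became `ejecuci\u00f3n`; it should stay `run` so that readers auditing workflows search for the right key.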
@@ -2,12 +2,16 @@ "id": "CVE-2023-49289", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:08.967", - "lastModified": "2023-12-05T00:15:08.967", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 are affected. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Ajax.NET Professional (AjaxPro) es un framework AJAX para Microsoft ASP.NET que crear\u00e1 clases de JavaScript proxy que se utilizan en el lado del cliente para invocar m\u00e9todos en el servidor web. Las versiones afectadas de este paquete son ataques vulnerables de cross site scripting. Las versiones anteriores a la versi\u00f3n 21.12.22.1 se ven afectadas. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json index 60a841e661b..b8aa643c1ed 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49290.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49290", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:09.190", - "lastModified": "2023-12-05T00:15:09.190", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource- intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b` which has been included in release version 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "lestrrat-go/jwx es un m\u00f3dulo Go que implementa varias tecnolog\u00edas JWx (JWA/JWE/JWK/JWS/JWT, tambi\u00e9n conocidas como JOSE). Un par\u00e1metro p2c establecido demasiado alto en el algoritmo PBES2-* de JWE podr\u00eda provocar una denegaci\u00f3n de servicio. Los algoritmos de gesti\u00f3n de claves JWE basados en PBKDF2 requieren un par\u00e1metro de encabezado JOSE llamado p2c (PBES2 Count). Este par\u00e1metro dicta el n\u00famero de iteraciones de PBKDF2 necesarias para derivar una clave de envoltura CEK. 
Su objetivo principal es ralentizar intencionalmente la funci\u00f3n de derivaci\u00f3n de claves, haciendo que los ataques de fuerza bruta a contrase\u00f1as y de diccionario requieran m\u00e1s recursos. Por lo tanto, si un atacante establece el par\u00e1metro p2c en JWE en un n\u00famero muy grande, puede provocar un gran consumo computacional, lo que resultar\u00e1 en una denegaci\u00f3n de servicio. Esta vulnerabilidad se solucion\u00f3 en el commit `64f2a229b` que se incluy\u00f3 en las versiones 1.2.27 y 2.0.18. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json index a22459b16d5..2cc828703fa 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49291.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49291", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:09.403", - "lastModified": "2023-12-05T00:15:09.403", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "tj-actions/branch-names es una acci\u00f3n de Github para recuperar nombres de ramas o etiquetas con soporte para todos los eventos. Las GitHub Actions `tj-actions/branch-names` hacen referencia incorrectamente a las variables de contexto `github.event.pull_request.head.ref` y `github.head_ref` dentro de un paso de `ejecuci\u00f3n` de GitHub Actions. La variable head ref es el nombre de la rama y se puede usar para ejecutar c\u00f3digo arbitrario usando un nombre de rama especialmente manipulado. Como resultado, un atacante puede utilizar esta vulnerabilidad para robar secretos o abusar de los permisos \"GITHUB_TOKEN\". Esta vulnerabilidad se ha solucionado en la versi\u00f3n 7.0.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json index 0b76db92bd7..9406bee1bc0 100644 
--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49292.json @@ -2,12 +2,16 @@ "id": "CVE-2023-49292", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:09.627", - "lastModified": "2023-12-05T00:15:09.627", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade." + }, + { + "lang": "es", + "value": "ecies es un esquema de cifrado integrado de curva el\u00edptica para secp256k1 en Golang. Si un atacante pudiera llamar a las funciones Encapsulate(), Decapsulate() y ECDH(), podr\u00eda recuperar cualquier clave privada que interact\u00fae con ellas. Esta vulnerabilidad fue parcheada en 2.0.8. Se recomienda a los usuarios que actualicen." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json index 4393ad2236e..ea317a84209 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49293.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-49293", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-04T23:15:27.730", - "lastModified": "2023-12-04T23:15:27.730", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transformed contains inline module scripts (``), it is possible to inject arbitrary HTML into the transformed output by supplying a malicious URL query string to `server.transformIndexHtml`. Only apps using `appType: 'custom'` and using the default Vite HTML middleware are affected. The HTML entry must also contain an inline script. The attack requires a user to click on a malicious URL while running the dev server. Restricted files aren't exposed to the attacker. This issue has been addressed in vite@5.0.5, vite@4.5.1, and vite@4.4.12. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Vite es un framework de interfaz de sitio web. Cuando la transformaci\u00f3n HTML de Vite se invoca manualmente a trav\u00e9s de `server.transformIndexHtml`, la URL de solicitud original se pasa sin modificar y el `html` que se transforma contiene scripts de m\u00f3dulo en l\u00ednea (``), es posible inyectar HTML arbitrario en la salida transformada proporcionando una cadena de consulta URL maliciosa a `server.transformIndexHtml`. Solo se ven afectadas las aplicaciones que usan `appType: 'custom'` y usan el middleware HTML predeterminado de Vite. La entrada HTML tambi\u00e9n debe contener un script en l\u00ednea. El ataque requiere que un usuario haga clic en una URL maliciosa mientras ejecuta el servidor de desarrollo. Los archivos restringidos no est\u00e1n expuestos al atacante. 
Este problema se ha solucionado en vite@5.0.5, vite@4.5.1 y vite@4.4.12. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49654.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49654.json index 03775713a11..6e61672eef2 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49654.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49654.json 
@@ -2,23 +2,86 @@ "id": "CVE-2023-49654", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-11-29T14:15:07.570", - "lastModified": "2023-11-29T15:15:09.303", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T13:09:25.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system." + }, + { + "lang": "es", + "value": "Las comprobaciones de permisos faltantes en Jenkins MATLAB Plugin 2.11.0 y versiones anteriores permiten a los atacantes hacer que Jenkins analice un archivo XML del sistema de archivos del controlador Jenkins." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:matlab:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "2.11.1", + "matchCriteriaId": "E0BD6729-98FD-4D2D-842C-DD9F16139FDA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": 
"https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49655.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49655.json index 983b2726d19..70a608fed71 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49655.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49655.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-49655", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-11-29T14:15:07.617", - "lastModified": "2023-11-29T15:15:09.343", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T13:22:41.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site request forgery (CSRF) en Jenkins MATLAB Plugin 2.11.0 y versiones anteriores permite a los atacantes hacer que Jenkins analice un archivo XML del sistema de archivos del controlador Jenkins." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:matlab:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "2.11.1", + "matchCriteriaId": "E0BD6729-98FD-4D2D-842C-DD9F16139FDA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": 
[ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49656.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49656.json index f2819f0c7cb..702e2cd2087 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49656.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49656.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-49656", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-11-29T14:15:07.667", - "lastModified": "2023-11-29T15:15:09.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T13:27:51.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks." + }, + { + "lang": "es", + "value": "Jenkins MATLAB Plugin 2.11.0 y versiones anteriores no configuran su analizador XML para evitar ataques de entidades externas XML (XXE)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:matlab:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "2.11.1", + "matchCriteriaId": "E0BD6729-98FD-4D2D-842C-DD9F16139FDA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193", - "source": "jenkinsci-cert@googlegroups.com" + 
"source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49673.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49673.json index 9d9879b2c7c..59ed80e211d 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49673.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49673.json 
@@ -2,23 +2,134 @@ "id": "CVE-2023-49673", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-11-29T14:15:07.707", - "lastModified": "2023-11-29T15:15:09.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T13:32:39.200", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de cross-site request forgery (CSRF) en Jenkins NeuVector Vulnerability Scanner Plugin 1.22 y versiones anteriores permite a los atacantes conectarse a un nombre de host y puerto especificados por el atacante utilizando un nombre de usuario y contrase\u00f1a especificados por el atacante." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:neuvector_vulnerability_scanner:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "2.2", + "matchCriteriaId": "6D2CFA20-4C85-40E9-B42E-E6C6C7996FC5" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + 
"negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jira:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "3.1.2", + "matchCriteriaId": "6DBBA0D0-DB53-4A3E-B0DB-4514F45BE944" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:google_compute_engine:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "4.551.0", + "matchCriteriaId": "4374C881-1548-41DF-B673-5F9E59B08C4C" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:matlab:*:*:*:*:*:jenkins:*:*", + "versionEndExcluding": "2.11.1", + "matchCriteriaId": "E0BD6729-98FD-4D2D-842C-DD9F16139FDA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-496xx/CVE-2023-49674.json b/CVE-2023/CVE-2023-496xx/CVE-2023-49674.json index 5e7bb4dbbda..47eb9d2f487 100644 --- a/CVE-2023/CVE-2023-496xx/CVE-2023-49674.json +++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49674.json 
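Review bot: The `configurations` block added for CVE-2023-49673 lists four products (`neuvector_vulnerability_scanner`, `jira`, `google_compute_engine` and `matlab`), while the description names only the NeuVector Vulnerability Scanner Plugin. Anyone matching installed plugins by CPE will therefore report this CSRF against Jira, Google Compute Engine and MATLAB plugin installs. The three extra nodes look like an upstream analysis slip, since the `matlab` node carries the same `matchCriteriaId` as the one in the CVE-2023-49654, 49655 and 49656 hunks; I would keep only the node with `"criteria": "cpe:2.3:a:jenkins:neuvector_vulnerability_scanner:*:*:*:*:*:jenkins:*:*"`. The same product is bounded here with `"versionEndExcluding": "2.2"` but with `"versionEndIncluding": "1.22"` in the CVE-2023-49674 hunk that follows. The 8.8 `C:H/I:H/A:H` vector also sits oddly next to the 4.3 given to 49674 for the same described effect, so both are worth checking against the vendor advisory (SECURITY-3256) before this record drives prioritisation.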
@@ -2,23 +2,86 @@ "id": "CVE-2023-49674", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-11-29T14:15:07.750", - "lastModified": "2023-11-29T15:15:09.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T14:05:54.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password." + }, + { + "lang": "es", + "value": "Una verificaci\u00f3n de permiso faltante en Jenkins NeuVector Vulnerability Scanner Plugin 1.22 y versiones anteriores permite a los atacantes con permiso general/lectura conectarse a un nombre de host y puerto especificados por el atacante utilizando el nombre de usuario y la contrase\u00f1a especificados por el atacante." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:neuvector_vulnerability_scanner:*:*:*:*:*:jenkins:*:*", + "versionEndIncluding": "1.22", + "matchCriteriaId": "AC4C9417-DFB2-4B44-ABC5-76966DEF424B" + } + ] + } + ] } ], - "metrics": {}, 
"references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5105.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5105.json index ffd428077e3..a38956d52f0 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5105.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5105.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5105", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.620", - "lastModified": "2023-12-04T22:15:07.620", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`" + }, + { + "lang": "es", + "value": "El complemento Frontend File Manager Plugin de WordPress anterior a 22.6 tiene una vulnerabilidad que permite a un usuario de Editor+ omitir la l\u00f3gica de descarga de archivos y descargar archivos como `wp-config.php`." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5108.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5108.json index 7d5577f0996..8cbe1dc4672 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5108.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5108.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5108", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.667", - "lastModified": "2023-12-04T22:15:07.667", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin" + }, + { + "lang": "es", + "value": "El complemento Easy Newsletter Signups de WordPress hasta la versi\u00f3n 1.0.4 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios con privilegios elevados, como el administrador." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5137.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5137.json index 106a1f6a032..2d9c599bc03 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5137.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5137.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5137", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.713", - "lastModified": "2023-12-04T22:15:07.713", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)." + }, + { + "lang": "es", + "value": "El complemento Simply Excerpts de WordPress hasta la versi\u00f3n 1.4 no sanitiza ni escapa algunos campos en la configuraci\u00f3n del complemento, lo que podr\u00eda permitir a usuarios con altos privilegios, como un administrador, inyectar scripts web arbitrarios incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5141.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5141.json index d91b3db2bc0..b2c29395c7c 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5141.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5141.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5141", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.767", - "lastModified": "2023-12-04T22:15:07.767", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + }, + { + "lang": "es", + "value": "El complemento BSK Contact Form 7 Blacklist de WordPress hasta la versi\u00f3n 1.0.1 no sanitiza ni escapa del par\u00e1metro insert_count antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json index 8c9342e76dd..afac9b4031b 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5178.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-5178", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-01T17:15:11.920", - "lastModified": "2023-11-29T00:15:07.243", + "lastModified": "2023-12-05T13:15:07.387", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges." + "value": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5188.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5188.json index f2e8f75f27d..1be59899189 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5188.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5188.json 
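Review bot: The revised English description for CVE-2023-5178 now limits the attacker to "a malicious local privileged user" yet still says the flaw "may permit remote code execution", so the text contradicts itself on whether the issue is reachable remotely. The record's `metrics` block is outside this hunk, so it cannot be seen here whether the CVSS vector was changed to match; triage should follow the vector and the vendor advisory rather than this sentence. The new value also keeps the unbalanced backtick after `drivers/nvme/target/tcp.c` and ends in "local privilege escalation problem". If local-only access is what is meant, the closing clause would read better as `which may permit code execution or lead to local privilege escalation`.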
@@ -2,12 +2,16 @@ "id": "CVE-2023-5188", "sourceIdentifier": "info@cert.vde.com", "published": "2023-12-05T08:15:07.690", - "lastModified": "2023-12-05T08:15:07.690", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is used by the WAGO Telecontrol Configurator is vulnerable to malformed packets. An remote unauthenticated attacker could send specifically crafted packets that lead to a denial-of-service condition until restart of the affected device." + }, + { + "lang": "es", + "value": "MMS Interpreter de WagoAppRTU en versiones inferiores a 1.4.6.0 que utiliza WAGO Telecontrol Configurator es vulnerable a paquetes con formato incorrecto. Un atacante remoto no autenticado podr\u00eda enviar paquetes espec\u00edficamente manipulados que conduzcan a una condici\u00f3n de denegaci\u00f3n de servicio hasta que se reinicie el dispositivo afectado." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5210.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5210.json index 537a5e14320..1df2a3c6315 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5210.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5210.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5210", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.813", - "lastModified": "2023-12-04T22:15:07.813", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + }, + { + "lang": "es", + "value": "El complemento AMP+ Plus de WordPress hasta la versi\u00f3n 3.0 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con altos privilegios, como el administrador." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5762.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5762.json index 423042b79d9..804d2a69663 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5762.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5762.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5762", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.867", - "lastModified": "2023-12-04T22:15:07.867", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges." + }, + { + "lang": "es", + "value": "El complemento Filr de WordPress anterior a 1.2.3.6 es afectado por una vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), que permite al sistema operativo ejecutar comandos y comprometer completamente el servidor en nombre de un usuario con privilegios de nivel de autor." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json index 4e008e5623e..47af139ac78 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5808.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5808", "sourceIdentifier": "security.vulnerabilities@hitachivantara.com", "published": "2023-12-05T00:15:09.840", - "lastModified": "2023-12-05T00:15:09.840", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).\n" + }, + { + "lang": "es", + "value": "La divulgaci\u00f3n de informaci\u00f3n en SMU en Hitachi Vantara HNAS 14.8.7825.01 en Windows permite a los usuarios autenticados descargar archivos confidenciales a trav\u00e9s de Insecure Direct Object Reference (IDOR)." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5809.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5809.json index 12af1960c98..c6d4d0bce69 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5809.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5809.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5809", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.920", - "lastModified": "2023-12-04T22:15:07.920", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento Popup box de WordPress anterior a 3.8.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5874.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5874.json index 78a7d940030..bf9b148eebd 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5874.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5874.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5874", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:07.970", - "lastModified": "2023-12-04T22:15:07.970", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + }, + { + "lang": "es", + "value": "El complemento Popup box de WordPress anterior a 3.8.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json index 80ddbef0457..f672d2da5a0 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5884.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5884", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:08.020", - "lastModified": "2023-12-04T22:15:08.020", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link." + }, + { + "lang": "es", + "value": "El complemento Word Balloon de WordPress anterior a 4.20.3 no protege algunas de sus acciones contra ataques CSRF, lo que permite a un atacante no autenticado enga\u00f1ar a un usuario que ha iniciado sesi\u00f3n para que elimine avatares arbitrarios haciendo clic en un enlace." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json index bd49bb97fd7..e614191949d 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5944.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5944", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-12-04T23:15:27.940", - "lastModified": "2023-12-04T23:15:27.940", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nDelta Electronics\u00a0DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file.\n\n" + }, + { + "lang": "es", + "value": "Delta Electronics DOPSoft es vulnerable a un desbordamiento del b\u00fafer basado en pila, lo que puede permitir la ejecuci\u00f3n de c\u00f3digo arbitrario si un atacante puede llevar a un usuario leg\u00edtimo a ejecutar un archivo especialmente manipulado." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5951.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5951.json index e49636174f8..983a7061769 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5951.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5951.json @@ -2,12 +2,16 @@ "id": "CVE-2023-5951", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:08.063", - "lastModified": "2023-12-04T22:15:08.063", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + }, + { + "lang": "es", + "value": "El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 no sanitiza ni escapa un par\u00e1metro antes de devolverlo a la p\u00e1gina, lo que genera Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json index fc7e6917c63..e070d0f3ab5 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5952.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5952", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:08.117", - "lastModified": "2023-12-04T22:15:08.117", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog" + }, + { + "lang": "es", + "value": "El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 deserializa la entrada del usuario a trav\u00e9s de cookies, lo que podr\u00eda permitir a usuarios no autenticados realizar inyecci\u00f3n de objetos PHP cuando hay un gadget adecuado presente en el blog." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json index 0520081eb46..32c04f549be 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5953.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-5953", "sourceIdentifier": "contact@wpscan.com", "published": "2023-12-04T22:15:08.170", - "lastModified": "2023-12-04T22:15:08.170", - "vulnStatus": "Received", + "lastModified": "2023-12-05T13:51:04.540", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling such upload. As a result, any authenticated users, such as subscriber could upload arbitrary files, such as PHP on the server" + }, + { + "lang": "es", + "value": "El complemento Welcart e-Commerce de WordPress anterior a 2.9.5 no valida los archivos que se van a cargar, adem\u00e1s de que no tiene autorizaci\u00f3n ni CSRF en una acci\u00f3n AJAX que maneje dicha carga. Como resultado, cualquier usuario autenticado, como un suscriptor, podr\u00eda cargar archivos arbitrarios, como PHP, en el servidor." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json index 755096a096d..22c84ca07e2 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5979.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2023-5979",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.220",
- "lastModified": "2023-12-04T22:15:08.220",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento eCommerce Product Catalog para WordPress anterior a la versi\u00f3n 3.3.26 no tiene comprobaciones CSRF en algunas de sus p\u00e1ginas de administraci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas mediante ataques CSRF, como eliminar todos los productos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json
index 6b054f2f574..beb73d8445a 100644
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5990.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-5990",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.293",
- "lastModified": "2023-12-04T22:15:08.293",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks"
+ },
+ {
+ "lang": "es",
+ "value": "Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor de WordPress anteriores a 3.4.2 no tienen controles CSRF en algunas de las acciones de su formulario, como la eliminaci\u00f3n y la duplicaci\u00f3n, lo que podr\u00eda permitir a los atacantes hacer que el administrador conectado realice tales acciones a trav\u00e9s de Ataques CSRF"
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json
index f8557f8b927..47b397f26a5 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6063.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6063",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-12-04T22:15:08.337",
- "lastModified": "2023-12-04T22:15:08.337",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Fastest Cache de WordPress anterior a 1.2.2 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios no autenticados."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6269.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6269.json
index a27068ac050..5cd501fbbf1 100644
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6269.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6269.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6269",
 "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
 "published": "2023-12-05T08:15:08.020",
- "lastModified": "2023-12-05T08:15:08.020",
- "vulnStatus": "Received",
+ "lastModified": "2023-12-05T13:51:04.540",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An argument injection vulnerability has been identified in the \nadministrative web interface of the Atos Unify OpenScape products \"Session Border Controller\" (SBC) and \"Branch\", before version V10 R3.4.0,\u00a0and OpenScape \"BCF\" before versions V10R10.12.00 and V10R11.05.02. This allows an \nunauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain\n access as an arbitrary (administrative) user."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una vulnerabilidad de inyecci\u00f3n de argumentos en la interfaz web administrativa de los productos Atos Unify OpenScape \"Session Border Controller\" (SBC) y \"Branch\", anteriores a la versi\u00f3n V10 R3.4.0, y OpenScape \"BCF\" anteriores a las versiones V10R10.12.00 y V10R11.05.02. Esto permite que un atacante no autenticado obtenga acceso root al dispositivo a trav\u00e9s de SSH (cambio de alcance) y tambi\u00e9n omita la autenticaci\u00f3n para la interfaz administrativa y obtenga acceso como un usuario (administrativo) arbitrario."
 }
 ],
 "metrics": {
diff --git a/README.md b/README.md
index 650ffb7a3ad..163d36da0ad 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-05T13:02:17.124636+00:00 +2023-12-05T15:01:03.233992+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-05T12:56:50.947000+00:00 +2023-12-05T14:59:07.577000+00:00 ``` ### Last Data Feed Release
@@ -29,30 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232332 +232333 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `1` -* [CVE-2023-43608](CVE-2023/CVE-2023-436xx/CVE-2023-43608.json) (`2023-12-05T12:15:42.467`) -* [CVE-2023-43628](CVE-2023/CVE-2023-436xx/CVE-2023-43628.json) (`2023-12-05T12:15:43.000`) -* [CVE-2023-45838](CVE-2023/CVE-2023-458xx/CVE-2023-45838.json) (`2023-12-05T12:15:43.210`) -* [CVE-2023-45839](CVE-2023/CVE-2023-458xx/CVE-2023-45839.json) (`2023-12-05T12:15:43.397`) -* [CVE-2023-45840](CVE-2023/CVE-2023-458xx/CVE-2023-45840.json) (`2023-12-05T12:15:43.580`) -* [CVE-2023-45841](CVE-2023/CVE-2023-458xx/CVE-2023-45841.json) (`2023-12-05T12:15:43.773`) -* [CVE-2023-45842](CVE-2023/CVE-2023-458xx/CVE-2023-45842.json) (`2023-12-05T12:15:43.967`) +* [CVE-2022-24403](CVE-2022/CVE-2022-244xx/CVE-2022-24403.json) (`2023-12-05T14:15:07.510`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `203` -* [CVE-2023-4912](CVE-2023/CVE-2023-49xx/CVE-2023-4912.json) (`2023-12-05T12:15:44.170`) -* [CVE-2023-23324](CVE-2023/CVE-2023-233xx/CVE-2023-23324.json) (`2023-12-05T12:39:44.770`) -* [CVE-2023-23325](CVE-2023/CVE-2023-233xx/CVE-2023-23325.json) (`2023-12-05T12:48:15.773`) -* [CVE-2023-24294](CVE-2023/CVE-2023-242xx/CVE-2023-24294.json) (`2023-12-05T12:56:50.947`) +* [CVE-2023-37572](CVE-2023/CVE-2023-375xx/CVE-2023-37572.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-39248](CVE-2023/CVE-2023-392xx/CVE-2023-39248.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-44288](CVE-2023/CVE-2023-442xx/CVE-2023-44288.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-44295](CVE-2023/CVE-2023-442xx/CVE-2023-44295.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-43472](CVE-2023/CVE-2023-434xx/CVE-2023-43472.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-49070](CVE-2023/CVE-2023-490xx/CVE-2023-49070.json) 
(`2023-12-05T13:51:04.540`) +* [CVE-2023-5188](CVE-2023/CVE-2023-51xx/CVE-2023-5188.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-6269](CVE-2023/CVE-2023-62xx/CVE-2023-6269.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-41835](CVE-2023/CVE-2023-418xx/CVE-2023-41835.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-43608](CVE-2023/CVE-2023-436xx/CVE-2023-43608.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-43628](CVE-2023/CVE-2023-436xx/CVE-2023-43628.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-45838](CVE-2023/CVE-2023-458xx/CVE-2023-45838.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-45839](CVE-2023/CVE-2023-458xx/CVE-2023-45839.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-45840](CVE-2023/CVE-2023-458xx/CVE-2023-45840.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-45841](CVE-2023/CVE-2023-458xx/CVE-2023-45841.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-45842](CVE-2023/CVE-2023-458xx/CVE-2023-45842.json) (`2023-12-05T13:51:04.540`) +* [CVE-2023-49674](CVE-2023/CVE-2023-496xx/CVE-2023-49674.json) (`2023-12-05T14:05:54.363`) +* [CVE-2023-46887](CVE-2023/CVE-2023-468xx/CVE-2023-46887.json) (`2023-12-05T14:19:33.893`) +* [CVE-2023-47462](CVE-2023/CVE-2023-474xx/CVE-2023-47462.json) (`2023-12-05T14:26:20.953`) +* [CVE-2023-29060](CVE-2023/CVE-2023-290xx/CVE-2023-29060.json) (`2023-12-05T14:44:26.333`) +* [CVE-2023-29062](CVE-2023/CVE-2023-290xx/CVE-2023-29062.json) (`2023-12-05T14:44:47.873`) +* [CVE-2023-29063](CVE-2023/CVE-2023-290xx/CVE-2023-29063.json) (`2023-12-05T14:45:30.123`) +* [CVE-2023-29061](CVE-2023/CVE-2023-290xx/CVE-2023-29061.json) (`2023-12-05T14:45:46.417`) +* [CVE-2023-29064](CVE-2023/CVE-2023-290xx/CVE-2023-29064.json) (`2023-12-05T14:54:35.220`) +* [CVE-2023-29065](CVE-2023/CVE-2023-290xx/CVE-2023-29065.json) (`2023-12-05T14:59:07.577`) ## Download and Usage